METHODS AND SYSTEMS TO DISTRIBUTE CONTENT VIA A NETWORK
UTILIZING DISTRIBUTED CONDITIONAL ACCESS AGENTS AND SECURE 
AGENTS, AND TO PERFORM DIGITAL RIGHTS MANAGEMENT (DRM) 

CROSS REFERENCE TO RELATED APPLICATIONS 

This application claims the benefit of U.S. Provisional Application No. 60/212,125, filed 
June 16, 2000. 

FIELD OF THE INVENTION 

The present invention relates generally to the field of network communications and, more 
specifically, to methods and systems for the secure distribution and delivery of content via a 
communications network. 

BACKGROUND OF THE INVENTION 

The proliferation of networks, and the widespread acceptance of the Internet as a
communication and distribution channel in particular, have presented a number of opportunities
for pay media content distribution. Specifically, broadband Internet Protocol (IP) networking
and satellite technologies have provided a number of new opportunities for publishing and media
content distribution worldwide. The ability of networks to support resource-intensive media,
such as streaming media multicasting, is growing rapidly as satellite and broadband IP
technologies allow content and service providers to distribute high-quality video to millions of
subscribers simultaneously.

However, these opportunities have been accompanied by concerns regarding content 
piracy and digital rights management (DRM). A challenge facing traditional pay media 
distributors is to enable content providers to control their proprietary content, while maintaining 
the flexibility to distribute media content widely. The increased distribution potential heightens 
the need to protect and secure media content. For example, a content provider may have 
particular concerns regarding preventative measures to minimize the possibility of premium 
content falling into wrong hands, and the enforcement of copyrights. 

Conditional Access (CA) technology for traditional broadcasting systems is based on
implementing business rules in a secure device (e.g., a smart card) located at the subscriber
receiving device. Access to content is controlled by encrypting the content with a key. The
secure device will only release this key to the decrypting device if the subscriber fulfills the
access conditions set by the operator. A problem with such security systems is that the secure
devices in the field need to be replaced when new business rules are introduced or when the
security system is hacked. When a large number of secure devices in the field need to be
updated, it will be appreciated that the cost implications are significant and that this can be a
very expensive exercise.
The Internet is becoming a platform for content delivery to millions of users worldwide.
Using the Internet for secure content delivery introduces several problems. For example,
standard Client/Server systems often cannot handle the load associated with large pay-per-view
events, as a single central security server is typically not equipped to handle millions of events in
a short time period. Further, standard Client/Server systems typically require that a single content
encryption key be shared by all users, rendering such systems vulnerable to key hook piracy
(extracting the key and distributing the key to unauthorized users). Distributed security systems
to manage access to content (e.g., LDAP) partially address the first problem identified above, but
do not protect the content encryption keys from unauthorized operators.

A rapidly growing broadband Internet audience is making the Internet an exciting place
to stream audio and video directly to millions of users worldwide. To overcome Internet
congestion, streaming media may be pushed to the edges of the Internet (e.g., to the ISPs), where
it is cached and from where the media can be streamed at high quality to the end user. Content
owners are increasingly using the Internet as a platform to deliver high quality programming to
a large and rapidly growing audience. However, content providers are often reluctant to put
premium content on the Internet, as digital content can easily be stored, forwarded and copied
without any degradation by any user with a computer and a (broadband) Internet connection.
Copy protection standards, such as those specified by 5C, at the end user device using a physical
secure device for decryption are expensive and somewhat unsafe. An experienced hacker can
typically break into the secure device and retrieve the content anonymously or, in a worst-case
scenario, retrieve a decryption key and redistribute the content anonymously.

Watermarking techniques at the end user device using a physical secure device may be
expensive and unsafe, as any experienced hacker can break into the secure device and "catch"
the content before it is watermarked.

When content is encrypted and distributed to a large group of subscribers via a
communications network, there exists a danger that one of the subscribers may decrypt the
content and, during the decryption process, extract a content (or product) encryption key that was
used by a content provider to encrypt the content. Assuming the encrypted content is easily
available for unauthorized users, this allows for so-called "key hook piracy" whereby the
fraudulent, authorized user distributes the product key to unauthorized users, possibly together
with the encrypted content. Distributing a single content encryption key over a communications
network, such as the Internet, can be done very efficiently.

When a content provider wants to secure and sell premium content for distribution over a
large worldwide network, such as the Internet, there are a number of functions and systems that
may need to be installed for a successful implementation. For example, secure storage and
distribution of content encryption (or product) keys may be required to prevent exposure of the
content (or product) encryption keys to a fraudulent operator or user. The exposure of such
content encryption keys may result in a significant loss of revenue because of piracy. Further, a
secure and scalable key distribution system, which can manage a large number of subscribers
simultaneously, may need to be in place. A scalable key distribution system may become critical
to distribute content associated with large-scale live events. The implementation and operational
costs associated with system software and hardware required to implement these functions may
be high for a single content provider.

Current hardware-based content security solutions typically combine user authentication
and content security in one module (e.g., a single smart card or other tamper proof environment
is used to authenticate the user and store/process content keys). This arrangement does not allow
for situations in which a user orders content, using a secure identification device (such as a
PKI-enabled banking smart card or mobile device including a PKI-enabled SIM chip), and views the
content using a copy-protected viewing device other than a viewing device that is integral with
the secure identification device. For example, the user may wish to access the content utilizing a
copy-protected device that is not linked with a specific user, and that can therefore not be used to
identify the user.

Content licenses, such as those implemented by Microsoft Windows Media Digital
Rights Management (DRM) technology and Intel ISIS, are signed by a private key of the license
issuer as proof of the authenticity of the license to a content player (e.g., a set-top box). The
signature of the content license with a private key prevents hackers from altering valid licenses
and generating invalid licenses. However, signing a license utilizing a private key operation is
computationally expensive when a large number of simultaneous transactions are required. In
addition, the implementation and operational costs of managing private keys and associated
certificate authorities may be prohibitive.

Networks (e.g., the Internet) are becoming increasingly attractive to content providers as
alternative distribution platforms for content, next to traditional TV broadcasting. It is desirable
to provide a content distributor with a degree of geographic control over the distribution of
content and to enable a content distributor to block users in certain countries or regions from
accessing certain content. For example, a sports club may want to distribute a live game over the
Internet worldwide, but may need to block users in certain countries from accessing the content
due to exclusive broadcasting rights that have been sold to national broadcasters.

Traditional network-based pay media solutions require users to register payment
information (e.g., credit card details) with a content distributor. This approach poses a number
of burdens on users. Specifically, users may be required to provide financial information to
companies (e.g., content distributors) that they do not trust. Further, users may be required to
provide substantially identical financial information to a large number of content distributors if a
user obtains content from a variety of sources. These burdens potentially create a barrier to entry
for users.



SUMMARY OF THE INVENTION 

According to a first aspect of the invention, there is provided a method and system to
distribute content via a network. The content is received at a content distributor from a content
provider and, at the content distributor, an operation relating to the content is performed. The
content provider provides authorization to the content distributor to perform the operation, and
the authorization is specific to the content distributor.

The operation may be performed within a secure environment implemented at the content
distributor, and may comprise an association operation to associate the content with a content
consumer. In an exemplary embodiment, the association operation comprises a watermarking
operation to watermark the content as content distributed specifically to the content consumer.
In a further exemplary embodiment, the association operation comprises an encryption operation
to encrypt the content utilizing a key associated with, and communicated to, the content
consumer.

According to a further aspect of the present invention, there is provided a method and
system to distribute content via a network. At a content provider, a set of session keys is
generated and content is encrypted utilizing the set of session keys. The set of session keys is
then communicated to a content distributor. At the content distributor, the set of session keys is
encrypted utilizing a user key to generate a set of encrypted keys. The encrypted content is
communicated to a content destination. The set of encrypted keys is communicated from the
content distributor to the content destination. The user key is communicated from the content
distributor to the content destination so as to enable the content destination to decrypt the set of
encrypted keys to extract the set of session keys. At the content destination, the set of session
keys is utilized to decrypt the encrypted content.

In one exemplary embodiment, the set of session keys comprises a time-varying sequence 
of session keys. 
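
The session-key scheme described in the two paragraphs above, written out as an added example that is not part of the patent text and not code from its assignee: the content provider encrypts each time slot of the content under its own random session key, the content distributor wraps the whole key set under a per-user key, and the content destination unwraps the set and decrypts slot by slot. The cipher (a keystream from HMAC-SHA256 in counter mode plus an HMAC tag, standard library only so it runs offline), the slot boundaries, the sample content and every function name are assumptions; a deployed system would use a standard authenticated cipher such as AES-GCM. The last check in demo() is the point of the time-varying key set: a session key extracted by one subscriber (the key-hook scenario) opens only its own slot.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    # Domain-separated keys so the keystream PRF and the tag MAC never see the same input.
    enc_key = hmac.new(key, b"keystream", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"tag", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (assumption, not from the patent): HMAC-SHA256 counter mode.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Reject anything whose tag does not verify under this key before decrypting."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _keystream_xor(enc_key, nonce, ciphertext)


# --- Content provider: a fresh random session key for every time slot ----------
def provider_encrypt(segments):
    """Return (session_keys, encrypted_segments); slot i is encrypted under key i."""
    session_keys = [secrets.token_bytes(32) for _ in segments]
    encrypted = [seal(k, seg) for k, seg in zip(session_keys, segments)]
    return session_keys, encrypted


# --- Content distributor: wrap the key set under the user's key ----------------
def distributor_wrap(session_keys, user_key: bytes):
    return [seal(user_key, k) for k in session_keys]


# --- Content destination: unwrap the keys, then decrypt each slot --------------
def destination_decrypt(encrypted_segments, wrapped_keys, user_key: bytes):
    session_keys = [open_sealed(user_key, w) for w in wrapped_keys]
    return [open_sealed(k, c) for k, c in zip(session_keys, encrypted_segments)]


def key_opens_segment(session_key: bytes, encrypted_segment: bytes) -> bool:
    try:
        open_sealed(session_key, encrypted_segment)
        return True
    except ValueError:
        return False


def demo() -> dict:
    # Constructed sample content: three time slots of one stream.
    segments = [b"slot-0 frames", b"slot-1 frames", b"slot-2 frames"]
    session_keys, encrypted = provider_encrypt(segments)
    user_key = secrets.token_bytes(32)  # per-user key sent distributor -> destination
    wrapped = distributor_wrap(session_keys, user_key)
    recovered = destination_decrypt(encrypted, wrapped, user_key)
    # Key-hook scenario: one extracted session key only opens its own slot.
    return {
        "round_trip_ok": recovered == segments,
        "leaked_key_opens_own_slot": key_opens_segment(session_keys[0], encrypted[0]),
        "leaked_key_opens_other_slot": key_opens_segment(session_keys[0], encrypted[1]),
    }


if __name__ == "__main__":
    print(demo())
```

Because the wrapped key set is only useful together with the user key, a copied key set is of no value to anyone who does not also hold that user's key, and a leaked user key identifies the subscriber it was issued to.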

According to an even further aspect of the present invention, there is provided an
automated method and system to provide an encryption key storage and distribution service. A
product key is received at a service provider, the product key (1) being received from a first
content provider, (2) encrypting first content controlled by the first content provider, and (3)
being encrypted with a secure device public key of a first secure device of the service provider.
Within the first secure device at the service provider, the product key is decrypted utilizing the
secure device public key. Within the first secure device at the service provider, the product key is
encrypted using a storage key associated with the secure device. The product key, encrypted
using the storage key, is stored at the service provider.

In one embodiment, multiple product keys are received from respective content providers, each 
of the product keys encrypting content controlled by the respective content providers. Each of 
the product keys may be generated within a second secure device of each of the respective 
content providers. 

Rule information, pertaining to access to associated content controlled by a respective
content provider, may also be received at the service provider, wherein the rule information is
stored at the service provider and is associated with at least one product key stored at the service
provider.

According to yet a further aspect of the present invention, there is provided a method and
system to secure content for distribution via a network. A user device authentication process is
performed with respect to the content. A copy-protected device authentication process is also
performed with respect to the content. The user device authentication process and the
copy-protected device authentication process comprise separate authentication processes to protect
the content from unauthorized access. In one embodiment, the user authentication process includes
verification of a user device certificate and verification of the user credentials against content
access criteria. In one embodiment, the copy-protected device authentication process includes
verification of a copy-protected device certificate.

According to an even further aspect of the present invention, there is provided a method
and system to digitally sign a content license associated with content. The content license is
generated at a content provider. The content license is signed utilizing a symmetric key. In an
exemplary embodiment, the symmetric key encrypts the content. In an alternative exemplary
embodiment, the symmetric key encrypts a product key that in turn encrypts the content.
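
Signing a content license with a symmetric key, as an added example that is not from the patent or its assignee: the content provider attaches an HMAC-SHA256 tag computed under the product key, and the player recomputes the tag over every field except the signature and compares it in constant time. The choice of HMAC-SHA256, the canonical JSON encoding of the license, the license field names and the fixed key value are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample: the symmetric key that (in the embodiments above) encrypts the
# content or its product key. Fixed here so the example is deterministic.
PRODUCT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _canonical(fields: dict) -> bytes:
    # Signer and verifier must hash identical bytes; sorted, compact JSON is the
    # canonical form assumed here.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_license(fields: dict, key: bytes) -> dict:
    """Content provider side: attach an HMAC-SHA256 tag computed under the symmetric key."""
    signed = dict(fields)
    signed["signature"] = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return signed


def verify_license(signed: dict, key: bytes) -> bool:
    """Player side: recompute the tag over every field except the signature itself."""
    fields = {k: v for k, v in signed.items() if k != "signature"}
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(signed.get("signature", "")))


def demo() -> dict:
    # Constructed license fields; the names are assumptions, not the patent's format.
    license_fields = {
        "content_id": "match-2001-06-16",
        "rights": {"play_count": 3, "expires": "2001-06-17T00:00:00Z"},
        "device_id": "stb-example-0001",
    }
    signed = sign_license(license_fields, PRODUCT_KEY)
    # A tampered copy: the rights are extended without access to the key.
    forged = dict(signed)
    forged["rights"] = {"play_count": 999, "expires": "2099-01-01T00:00:00Z"}
    return {
        "valid_verifies": verify_license(signed, PRODUCT_KEY),
        "forged_verifies": verify_license(forged, PRODUCT_KEY),
        "wrong_key_verifies": verify_license(signed, b"\x00" * 32),
    }


if __name__ == "__main__":
    print(demo())
```

The trade-off against a private-key signature is that a MAC can be checked only by a holder of the same key, and any such holder can also produce a valid tag; the approach therefore relies on the symmetric key reaching the player only inside the secure device that uses it for decryption.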

According to another aspect of the present invention, there is provided a method and system
to distribute content via a network in a geographically controlled manner. A request is received
from a content requestor for delivery of content to the content requestor via the network. A
content requestor authentication process is performed, the content requestor authentication
process including determining a geographic location associated with the content requestor,
determining geographic access criteria associated with the content, and determining whether the
geographic location complies with the geographic access criteria. The content is released for
delivery to the content requestor if the geographic location complies with the geographic access
criteria. In one exemplary embodiment, the determining of the geographic location includes
determining a delivery address to which a copy-protected device associated with the content
requestor was delivered. In an alternative exemplary embodiment, the determining of the
geographic location includes determining a delivery address to which a user authentication device
associated with the content requestor was delivered. The determining of the geographic location
may also include mapping a source network address of the request for the delivery of the content
to a request source location.
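
The geographic check described above, as an added example that is not part of the patent text or any code of its assignee: the location is taken from the delivery address of the copy-protected device, the delivery address of the user authentication device, and the country the request's source address maps to, and the content is released only if every available signal complies with the content's criteria. The prefix-to-country table is constructed from documentation ranges, the request and criteria field names are assumptions, and two policy choices are assumptions as well: requiring all present signals to agree, and failing closed when no location can be determined.

```python
import ipaddress

# Constructed prefix-to-country table (documentation ranges, not real allocations).
PREFIX_COUNTRY = [
    (ipaddress.ip_network("203.0.113.0/24"), "NL"),
    (ipaddress.ip_network("198.51.100.0/24"), "GB"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]


def country_from_ip(addr: str):
    """Map the request's source network address to a country; None if unknown."""
    ip = ipaddress.ip_address(addr)
    for network, country in PREFIX_COUNTRY:
        if ip in network:
            return country
    return None


def location_signals(request: dict) -> dict:
    """Collect the three location sources named in the summary; key names are assumed."""
    signals = {}
    if request.get("copy_protected_device_delivery_country"):
        signals["copy_protected_device_delivery"] = request["copy_protected_device_delivery_country"]
    if request.get("user_device_delivery_country"):
        signals["user_device_delivery"] = request["user_device_delivery_country"]
    if request.get("source_ip"):
        country = country_from_ip(request["source_ip"])
        if country:
            signals["source_address"] = country
    return signals


def complies(country: str, criteria: dict) -> bool:
    """Criteria may carry a 'blocked' set and/or an 'allowed' set of country codes."""
    if country in criteria.get("blocked", set()):
        return False
    allowed = criteria.get("allowed")
    return allowed is None or country in allowed


def authorize_geographic(request: dict, criteria: dict):
    """Release content only if every available location signal satisfies the criteria.
    Requiring all signals to agree and failing closed without any signal are assumed policy."""
    signals = location_signals(request)
    if not signals:
        return False, "no geographic location could be determined"
    for source, country in signals.items():
        if not complies(country, criteria):
            return False, f"{source} places the requestor in {country}, outside the access criteria"
    return True, "all location signals comply"


# Constructed criteria: a live game whose rights in one country were sold exclusively.
MATCH_CRITERIA = {"blocked": {"GB"}}


def demo() -> dict:
    home = {"source_ip": "203.0.113.7", "copy_protected_device_delivery_country": "NL"}
    blocked = {"source_ip": "198.51.100.9", "copy_protected_device_delivery_country": "NL"}
    unknown = {"source_ip": "10.0.0.5"}
    return {
        "home": authorize_geographic(home, MATCH_CRITERIA)[0],
        "blocked": authorize_geographic(blocked, MATCH_CRITERIA)[0],
        "unknown": authorize_geographic(unknown, MATCH_CRITERIA)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Checking every signal rather than the first one found is what makes the device delivery address useful: a device shipped to a permitted country but used from a blocked source address is still refused.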

According to another aspect of the present invention, there is provided a method and
system to dynamically present a payment gateway to a content requestor. Responsive to a request
received at a content distributor for access to a content item provided by a content provider, a
determination is made as to whether the content distributor records a first payment gateway of a
first plurality of payment gateways as being a preferred payment gateway. If the content
distributor has selected a first payment gateway of a first plurality of payment gateways as a
preferred payment gateway, then the first payment gateway is presented to a content requestor as
an actual preferred payment gateway. On the other hand, if the content distributor has not
recorded a first payment gateway of a first plurality of payment gateways as a first preferred
payment gateway, then the second preferred payment gateway of a second plurality of payment
gateways recorded by the content provider of the content item is presented to the content
requestor as the actual preferred payment gateway. In one embodiment, the actual preferred
payment gateway is presented to the content requestor as a default payment gateway. The first
plurality of payment gateways may be presented to the content requestor in an order reflecting
relationships established between the content distributor and the first plurality of payment
gateways.

Other features of the present invention will be apparent from the accompanying drawings
and from the detailed description that follows.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention is illustrated by way of example and not limitation in the figures of 
the accompanying drawings, in which like references indicate similar elements and in which: 

Figure 1 is a block diagram illustrating processing of content as it is communicated from
a content provider, via a content distributor, to a content destination, according to an exemplary
embodiment of the present invention.

Figure 2 is a block diagram illustrating further details regarding software components
that may reside at various locations of the content distribution system to facilitate the distribution
and delivery processes, according to an exemplary embodiment of the present invention.

Figure 3 is a block diagram illustrating further architectural details regarding an 
exemplary embodiment of a content distribution system. 

Figure 4 is a diagrammatic representation of a number of real-time processes, databases
and user interfaces that together provide the functionality of a conditional access server,
according to an exemplary embodiment of the present invention.

Figure 5 is a block diagram illustrating various processes that constitute a conditional 
access agent, according to an exemplary embodiment of the present invention. 

Figures 6A-6B show a flowchart illustrating a method, according to an exemplary
embodiment of the present invention, of processing a content request received from a content
destination.

Figure 7 is a flowchart illustrating a method, according to an exemplary embodiment of
the present invention, of securely delivering content from a content provider to a content
destination via a content distributor, where the content distributor performs an association
operation relating to the content.



Figures 8A-8B are block diagrams illustrating, at a high level and according to an
exemplary embodiment of the present invention, a method of combating key-hook piracy by
encrypting clear content with a relatively large number of random, time varying session keys.

Figure 9 is a flowchart illustrating a method, according to an exemplary embodiment of
the present invention, of encrypting content utilizing a random, time varying sequence of session
keys to combat key-hook piracy.

Figures 10A-10B show a flow chart illustrating a method, according to an exemplary
embodiment of the present invention, of distributing cached content from a content distributor to
a content destination, responsive to a request for the content from the content destination.

Figure 11 is a block diagram illustrating a pay media conditional access service provider, 
according to an exemplary embodiment of the present invention, and illustrates an interaction of 
a conditional access service provider with multiple content providers, as well as with one of 
multiple conditional access agents. 

Figure 12 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, whereby a conditional access service provider provides security functions 
to multiple parties within a content distribution system. 

Figure 13 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, of generating a product key at a content provider and storing the product 
key at a conditional access provider. 

Figure 14 is a flowchart depicting a method, according to an exemplary embodiment of
the present invention, of distributing an agent secret key from a conditional access agent to an ASP
conditional access server.

Figure 15 is a flowchart illustrating a method, according to an exemplary embodiment of
the present invention, of product key distribution from a conditional access service provider to a
conditional access agent.

Figure 16 is a block diagram illustrating a system, according to an exemplary
embodiment of the present invention, that provides a product key to access content upon receipt
and verification of two separate certificates, namely a user device certificate and a
copy-protected device certificate.

Figure 17 is a flowchart illustrating a method, according to an exemplary embodiment of
the present invention, to secure content for distribution via a network by employing separate user
device and copy-protected device authentication processes to protect content from unauthorized
access.

Figure 18 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, of communicating a product key, encrypted with the public keys of both a 
copy-protected device and a user authentication device. 

Figure 19 is a diagrammatic representation of a content license, according to an 
exemplary embodiment of the present invention. 

Figure 20 is a flowchart illustrating a method, according to an exemplary embodiment of
the present invention, of signing a content license utilizing a symmetric key.

Figure 21 is a diagrammatic representation of a further content license, according to an
exemplary embodiment of the present invention, that is signed utilizing a digital signature
form of a symmetric key.

Figure 22 is a flowchart illustrating further details regarding a method, according to an
exemplary embodiment of the present invention, of generating a digital signature for a license
utilizing a symmetric key.

Figure 23 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, of verifying a content license utilizing a digital signature that embodies a 
symmetric key. 

Figure 24 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, of distributing content via a network in a geographically controlled 
manner. 

Figure 25 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, to dynamically present a payment gateway to a content requestor. 

Figure 26 illustrates an exemplary sequence of interfaces that may be presented by a
client application executing at a content destination to present an ordered list of payment gateways.

WO 01/98903 PCT/US01/19271

Figure 27 is a block diagram illustrating a machine, in an exemplary form of a computer
system, that may operate to execute a sequence of instructions, stored on a machine-readable
medium, for causing the machine to perform any of the methodologies discussed in the present
specification.

DETAILED DESCRIPTION

Methods and systems to distribute content via a network utilizing distributed conditional 
access agents and secure agents, and to perform digital rights management (DRM) are described. 
In the following description, for purposes of explanation, numerous specific details are set forth 
in order to provide a thorough understanding of the present invention. It will be evident, 
however, to one skilled in the art that the present invention may be practiced without these 
specific details and that these specific details are exemplary. 

Overview - Content Distribution System 

Figure 1 is a diagrammatic representation of a content distribution system 10, according
to an exemplary embodiment of the present invention. The system 10 may conceptually be
viewed as comprising a distribution process 12 and a delivery process 14. Within the
distribution process 12, multiple content providers 16 (e.g., a content producer or owner)
distribute content via a network 18 (e.g., the Internet (wireless or wired)) to content distributors
(or distribution points) 20. The distribution of content from a content provider 16 to a content
distributor 20 may be as a multicast via satellite, as this provides an economic way to distribute
content to a large number of content distributors 20.

Each of the content distributors 20 caches content received from multiple content
providers 16, and thus assists with the temporary storage of content near the "edges" of a
network so as to reduce network congestion that would otherwise occur were a content provider
16 to distribute content responsive to every content request received from a content consumer.
Each content distributor 20 is equipped to respond to requests received via the network 18 from
the multiple content destinations 22 (e.g., users) within a specified service area or conforming to
specific criteria. Specifically, a content distributor 20, after performing the necessary
authorization and verification procedures, may forward content that it has cached to a content
destination 22 or, if such content has not been cached, may issue a request for the relevant
content to a content provider 16. For example, if the content comprises a live "broadcast", the
content may be directly forwarded via the content distributor 20 to the content destination 22.

Typically, a request for content from a content destination 22 is re-routed to content 
distributor 20 located nearby the requesting content destination 22. The requested content is then 
streamed (or otherwise transmitted) from the content distributor 20 to a media terminal (e.g., a 
personal computer (PC), set-top box (STB), a mobile telephone, a game console, etc.) at the 
content destination 22. 
Figure 1 illustrates, at a high level, the processing of content as it is communicated from
a content provider 16, via a content distributor 20, to a content destination 22. At the content
provider 16, clear content 24 is encrypted utilizing, for example, a symmetric product key (or
content key) to generate encrypted content 26. It will thus be appreciated that the content
provider 16 will be particularly concerned about security pertaining to the product key, as access
to this key potentially allows for regeneration of the clear content 24. The encrypted content 26
(or cipher text) is then communicated from the content provider 16, via the network 18, to the
content distributor 20. A conditional access agent 28, which represents the interests of the
content provider 16 at the remote content distributor 20, may perform a number of operations in
a secure environment with respect to the encrypted content 26. In one embodiment, the
conditional access agent 28 decrypts the encrypted content 26 to regenerate the clear content 24
within a secure environment, and watermarks the clear content for distribution to a specific
content destination 22. Watermarked content 30 may then be distributed from the content
distributor 20, via the network 18, to a conditional access client 32 at the content destination 22.
In an alternative embodiment, the conditional access agent 28 at the content distributor 20 may
re-encrypt the content with a public key of a copy-protected device at the content destination
22. In any event, the clear and watermarked content 30 is then available for viewing and
consumption at the content destination 22.

Figure 2 is a block diagram showing further details regarding software components that
may reside at the various locations of the system 10 to facilitate the distribution and delivery
processes 12 and 14. The content provider 16 operates a content provider server 34 that is
responsible for the actual distribution of content from the content provider 16. For example, the
content provider server 34 may comprise a streaming media server (e.g., the Real Networks
streaming media server developed by Real Networks of Seattle, Washington State or a Microsoft
media server developed by Microsoft of Redmond, Washington State). A conditional access
server 36 (e.g., the Sentriq Server developed and distributed by Mindport Sentriq from San
Diego, California) operates to define and store access rights to content of the content provider
16, to perform digital rights management, to encrypt content, and to manage and distribute
product keys. To this end, the content provider server 34 and the conditional access server 36
are shown to communicate registration keys and access criteria.

While the conditional access server 36 is shown to reside with a content provider 16, in
an alternative embodiment, a conditional access server 37 may reside at a conditional access
service provider (ASP) 38. In this case, the conditional access server 37 may perform the
above-described functions for multiple content providers 16.

The exemplary content distributor 20 is shown to host a local content server 40 and a
conditional access agent 28. The local content server 40 may again be a streaming media server
that streams cached (or freshly received) media. The conditional access agent 28 operates to
provide intelligent content and revenue security to content providers 16 by processing access and
revenue criteria, personalizing content for delivery to a content destination 22, and personalizing
and managing key delivery to a content destination 22. Broadly, the conditional access agent 28
operates securely to authenticate a content destination 22 (e.g., utilizing secure tokens and X.509
certificates), securely to retrieve and cache product key information and access criteria, and to
forward processed transactions to a commerce service provider 42 that provides billing and
clearance services. For example, a conditional access agent 28 may evaluate a content request
from a content destination 22 based on access criteria specified by a content provider 16, local
date and time information, and user credentials and authentication. If a content destination 22 is
authorized and/or payment is cleared, requested content may optionally be decrypted, personally
watermarked, personally re-encrypted and delivered to the content destination 22.

A content destination 22 is shown to include a secure device 46 (e.g., a copy-protected
device such as a set-top box (STB)) and to host a conditional access client 48. The conditional
access client 48 may reside on a personal computer or on the secure device 46. Where the
conditional access client 48 resides on a personal computer it may, for example, launch
responsive to the issuance of a request from a further client program (e.g., a browser) for access
to certain content. The conditional access client 48 operates to communicate a public key of the
secure device 46 to a conditional access agent 28 and also performs user authentication to verify
that a particular user is authorized to initiate a transaction. The conditional access agent 28
utilizes copy-protected device technology to stream content to a viewing device.

To review, the content distribution system 10 is implemented by a distributed collection 
of conditional access servers 36, conditional access agents 28, and conditional access clients 48 
that operate in conjunction with media servers and viewing devices (e.g., players) to protect 
the rights of a content provider 16 in specific content, while facilitating the widespread 
distribution of content. A conditional access server 36 enables the content provider 16 to encrypt 
content and to associate access criteria (e.g., pay-per-view, pay-per-time, subscription) with it. The 
conditional access server 36 also manages subscriptions and provides monitoring and statistics 
tools to a content provider 16. A conditional access agent 28 is a cryptographic component that 
ensures that access criteria, as defined by content providers 16, are enforced. Conditional access 
agents 28 are located within a distribution network (e.g., at an edge server) and validate 
subscriber content requests against, for example, content access criteria, local date and time, and 
subscriber credentials. A conditional access client 48 is located at a destination device (e.g., a 
PC, an STB, a mobile phone, a game console or the like) and manages an interface between a 
secure device 46 and a subscriber. 

Figure 3 is a block diagram showing further architectural details regarding an exemplary 
embodiment of a content distribution system 10. The functioning of the various components of 
the content distribution system 10, as shown in Figure 3, will now be described in the 
context of registration, content ordering and transaction processing operations. 

The content distribution system 10 consists of a number of sub-systems that together 
provide the required functionality. In one embodiment, these sub-systems seek to enable the 
Internet infrastructure to be utilized as a safe and secure medium for online selling and buying of 
content, data, programs, products and services, in a context including video and audio encoders, 
servers, players, clearing systems and existing Web sites. 

The content distribution system 10, in one embodiment, seeks to provide at least the 
following functions: 

(1) Conditional access management through various access criteria schemes. 

(2) End-to-end content security and copy protection, using encryption and 
watermarking technology. 

(3) Transaction and purse management, using Public Key Infrastructure (PKI) 
and Extensible Markup Language (XML) technology. 

(4) Pay-per-view, pay-per-time and subscription based access. 

(5) Access control on the basis of region and date/time. 

(6) Varying prices on the basis of region and date/time. 

(7) Management of a variety of (debit and credit) purses. 

(8) Scaling to many (simultaneous) subscribers using a highly distributed 
architecture. 

(9) Secure device portability, using the standard PKCS#11 interface. 

(10) User platform portability by defining an interface based on HTTP and XML, 
allowing a range of subscriber platforms (PC/STB/GSM). 

The above listed functions, in one embodiment, are enabled primarily by the following 
components: 

(1) Conditional access clients 48 are located at content destinations 22 to sign 
content transactions and manage the content decryption process. The 
conditional access clients 48 each operate in conjunction with a secure 
device 46 (e.g., an e-Token or smart card). 

(2) Conditional access servers 36 are located at content providers 16 or at 
conditional access service providers 38 as a content security ASP for 
merchants. In the conditional access service provider embodiment, a 
content provider 16 may access a website operated by the conditional access 
service provider 38 to secure content and to define access conditions (pay 
per view, subscription, etc) associated with the content. 

(3) Conditional access agents 28 are located at various points within a network to 
act as "brokers" enforcing the security settings that are associated with 
content by content providers 16. Conditional access agents 28 may 
optionally include additional encryption and watermarking technology to 
increase the level of security 'at the last mile'. 

(4) Secure device servers 44 are located at commerce service providers 42 (e.g., 
pay-media operators) or payment gateways to manage the secure devices 
and associated purses in the field. 
For the purpose of the immediately following description, assume that content has 
already been decrypted by a content provider 16. Live content requires a slightly different 
approach at the initial stage of content protection (real-time encryption is required). 

A content registration and protection operation is initiated by a content provider 16 that 
has a content item that needs to be secured from unauthorized access. In one embodiment, the 
content provider 16 accesses a Web server operated by the conditional access service provider 
38, from which the content provider 16 downloads a content security management application 
(not shown). The content security management application allows the content provider 16 to 
secure (encrypt) the content and associate the content with particular access criteria. The content 
is registered at the conditional access server 37, operated by the conditional access service 
provider 38, together with the access criteria and a product key that was used for encryption of 
the content. A unique Uniform Resource Locator (URL) linking to the access criteria is included 
in a content description file (ASX, SDP or SAP). The content is thus secured and may now be 
distributed using, for example, unicast or multicast. 

A content ordering operation is commenced upon receipt of a request from a content 
destination 22 (e.g., a user) for specific content. The user may, for example, be running a 
browser on a personal computer and want to view a content item provided by a particular 
content provider 16. When selecting the content item, the browser detects a tag containing a 
URL. The browser passes the URL to the conditional access client 48, also executing on the 
personal computer, to commence a transaction. 

The conditional access client 48 initiates a secure session with a conditional access agent 
28 to request an order for the relevant content item. If the content item is not cached at the 
content distributor 20 as cached content, the conditional access agent 28 retrieves access criteria 
for the requested content item from the conditional access server 36 and forwards a derived 
XML signing request to the conditional access client 48. The conditional access client 48 parses 
the XML signing request, displays order information (such as a price) to the user and prompts for 
a Personal Identification Number (PIN) code and confirmation by way of a user interface. The 
user confirms the order, and the conditional access client 48 digitally signs the order 
confirmation using the secure device 46. The signed order is sent to the conditional access agent 
28 that verifies the signed confirmation order and the user credentials. The conditional access 
agent 28 manages the content security process (e.g., watermarking, re-encryption) until an access 
time has expired, after which the content destination 22 will no longer be able to access the 
content. 

A transaction processing operation occurs concurrently with the content ordering 
operation. More specifically, the conditional access agent 28 will forward the signed 
confirmation order (i.e., transaction) to the secure device server 44 of the commerce service 
provider 42 to update a secure device purse and to prepare the transaction for clearing. The 
commerce service provider 42 processes the transaction and makes the appropriate money 
transfers. 
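The ordering exchange described above, as an added Python example that is not code from the patent: the agent derives an XML signing request, the client parses it, shows the price and signs only after PIN confirmation, and the agent compares the signed order with the order it registered for the session, verifies the signature and checks the purse level before granting access. In the original the secure device 46 signs with its PKI key; here an HMAC-SHA256 keyed with a constructed per-device secret stands in for that signature so the example runs on the standard library alone, and the element names, field layout and sample values are assumptions.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# Constructed per-device secret: stands in for the secure device's PKI signing key.
DEVICE_SECRET = b"constructed-secret-for-device-serial-0001"
DEVICE_SERIAL = "0001"


def agent_build_signing_request(session_id, item_id, description, price, pgw_id, access_seconds):
    """Agent side: derive the XML signing request from the item's access criteria."""
    root = ET.Element("SigningRequest", session=session_id, serial=DEVICE_SERIAL)
    ET.SubElement(root, "Item", id=item_id).text = description
    # Price in whole units as in the ProductAC table (25,50 is represented as 2550).
    ET.SubElement(root, "Price", pgw=str(pgw_id)).text = str(price)
    ET.SubElement(root, "AccessTime").text = str(access_seconds)
    return ET.tostring(root, encoding="unicode")


def order_digest_input(order):
    """Deterministic bytes covered by the signature: exactly the fields the user confirms."""
    fields = {
        "session": order.get("session"),
        "serial": order.get("serial"),
        "item": order.find("Item").get("id"),
        "price": order.findtext("Price"),
        "pgw": order.find("Price").get("pgw"),
        "access": order.findtext("AccessTime"),
    }
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def client_sign_order(request_xml, pin_confirmed, device_secret=DEVICE_SECRET):
    """Client side: parse the request, show the price, sign only after PIN confirmation."""
    order = ET.fromstring(request_xml)
    shown_price = int(order.findtext("Price"))  # what the user interface displays
    if not pin_confirmed:
        return None, shown_price
    signature = hmac.new(device_secret, order_digest_input(order), hashlib.sha256).hexdigest()
    conf = ET.Element("OrderConfirmation")
    conf.append(order)  # the signed order travels with its signature
    ET.SubElement(conf, "Signature", alg="HMAC-SHA256").text = signature
    return ET.tostring(conf, encoding="unicode"), shown_price


def agent_verify_confirmation(confirmation_xml, registered_request_xml, purse_balance,
                              device_secret=DEVICE_SECRET):
    """Agent side: (granted, reason). Only the order registered for the session is trusted."""
    conf = ET.fromstring(confirmation_xml)
    signed_order = conf.find("SigningRequest")
    if signed_order is None:
        return False, "no order in confirmation"
    signed_bytes = order_digest_input(signed_order)
    if signed_bytes != order_digest_input(ET.fromstring(registered_request_xml)):
        return False, "signed order differs from registered session order"
    expected = hmac.new(device_secret, signed_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(conf.findtext("Signature") or "", expected):
        return False, "signature verification failed"
    # Purse level as reported by the secure device server for this token.
    if purse_balance < int(signed_order.findtext("Price")):
        return False, "insufficient purse balance"
    return True, "access granted"


def run_exchange(purse_balance, tamper_price=None, pin_confirmed=True):
    """Whole exchange for one constructed order; tamper_price alters the order after signing."""
    request = agent_build_signing_request("sess-1", "item-42", "Constructed film", 2550, 7, 7200)
    confirmation, _ = client_sign_order(request, pin_confirmed)
    if confirmation is None:
        return False, "user declined"
    if tamper_price is not None:
        conf = ET.fromstring(confirmation)
        conf.find("SigningRequest").find("Price").text = str(tamper_price)
        confirmation = ET.tostring(conf, encoding="unicode")
    return agent_verify_confirmation(confirmation, request, purse_balance)
```

The agent never takes the price from the confirmation at face value: it re-derives the signed fields and rejects any order that differs from the one it registered for the session, so an altered price fails before the purse is consulted.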
The secure device server 44 interfaces with an external commerce service provider 42 to 
forward secured transactions. In one exemplary environment, a pay media operator or payment 
gateway is hosted by the service provider 42. The value of the transaction may be negotiated 
between the various parties (content owner/provider, network provider/ISP, payment gateway, 
etc). 

The conditional access client 48 interfaces with the secure device 46 at the content 
destination 22. Example secure devices 46 are smart cards or e-Tokens. A secure device 46 may 
utilize the PKCS#11 interface to provide device independence. 

The content destination 22 may also employ client devices utilizing non-PC client 
platforms, such as Set Top Boxes (STBs) and mobile telephones enabled with (smart card) PKI 
technology. A client device employed at a content destination 22 may run an interactive 
application (such as the OpenTV software suite) to order secure content items using a regular 
pay television smart card. 

The conditional access client 48 and secure device 46 interface with the local content 
server 40 (e.g., a media server) and client applications to secure a control channel (such as RTSP 
or HTTP) and data channel (such as MPEG-4 over RTP). 

The secure device server 44 provides an interface for external payment registration 
servers (such as used for regular web sites) to allow automated purse management. 

Overview - Conditional Access Server 36 

As stated above, a conditional access server 36 may reside at a content provider location, 
or may be deployed by a conditional access service provider 38. 
A conditional access server 36 provides at least the following functions: 

(1) Allows content providers 16 to assign access criteria (or rule information) to 
content. 

(2) Allows content providers 16 to create and manage content products 
(subscription types). 

(3) Management of the content encryption keys and key distribution to the 
conditional access agents 28. 

(4) Management of subscriptions (generation, storage and distribution) and 
forwarding of signed subscription transactions to a commerce service 
provider (e.g. a payment gateway). 

(5) Processing of transactional information (monitoring). 

Each of the above functions will now briefly be described. The content provider 16 
defines the access criteria (AC) using an access criteria profile editor (or Digital Rights Manager) 
(not shown) that generates a unique URL that is distributed together with the content. The 
generated access criteria are stored in a database together with the appropriate product key 
(optionally encrypted under a storage key), a digital signature and a content tag (i.e., a short 
description). A conditional access agent 28 retrieves the appropriate access criteria when 
subscribers request access to the associated content. The access criteria are stored in such a way 
that retrieval can be performed efficiently (e.g., the criteria are organized by content provider and 
by the location for which the access criteria are appropriate). 

Conditional access agents 28 are assigned a certain location identifier (ID), according to 
the physical region that they serve. Multiple conditional access agents 28 may be assigned to the 
same location ID. The conditional access server 36 will map the conditional access agent ID to 
the appropriate region IDs to look up the access criteria that are suitable for that agent, if any. 

As locations may be assigned to multiple regions, and access criteria may be defined for 
multiple regions, there may be a conflict (one location may map to multiple conflicting access 
criteria sets). To address this conflict, the operator can associate a region priority code to 
indicate which region should be given priority. 

A content provider 16 may also define new content products and manage subscription 
requests utilizing the conditional access server 36. A content product may, for example, have an 
identifier, a name, duration (usually a month), a start date and end date. A subscription may be 
an "instance" of a content product associated with a certain secure device that ordered the 
product and a subscription start and end date. 

A conditional access server 36 also processes incoming transactions and forwards them to 
the appropriate commerce service provider 42. The content provider 16 may be able to monitor 
the processed transactions. 

Figure 4 is a diagrammatic representation of a number of real-time processes, databases 
and user interfaces that together provide the functionality of a conditional access server 36, 
according to one embodiment of the present invention. The below described server processes of 
the conditional access server 36 communicate with external processes, such as a conditional 
access agent 28 and the secure device server 44, utilizing the described interfaces. 

A content rights manager 60 allows a content provider 16 to associate access rights and 
criteria with content items. Access rights are organized utilizing profiles in order to reduce 
operational efforts. Profiles may be created utilizing a profile rights manager 62. The profile 
rights manager 62 allows a content provider 16 to create templates for access criteria, based on 
regional, time, payment and subscription parameters. A product manager 64 allows a content 
provider 16 to define content products that are available for subscription. 

A cash monitor 66 is a user interface to monitor the value of transactions for a particular 
content provider 16, potentially in real-time. An access criteria server 68 is an HTTP server 
providing access criteria and keys to conditional access agents 28. 

A subscription form server 70 is an HTTP server providing subscription forms (e.g., a 
signed list of subscriptions) for a specific secure device to conditional access agents 28. 
Specifically, a subscription form is a clear XML text of a current subscription associated with a 
secure token, signed by the conditional access server 36. A subscription form contains a signed 
list of time-constrained subscriptions bound to an issuer (e.g., a content provider 16) and a secure 
device serial number. A subscription form is signed by the conditional access server 36 to prove 
the authenticity thereof and maintain integrity. 

A subscriber server 72 is an HTTP server that can securely process subscription requests. 
A transaction server is utilized to monitor transactions and update the real-time cash monitor 66. 

Below are set out a number of tables and fields, according to an exemplary embodiment 
of the present invention, which may be utilized by the conditional access server 36. 

A table Resource represents general resource values for the conditional access server 36. 
This table is used to store system variables such as the port number for accepting AC server 
connections or the debug level. 

Field          Description 
ResourceId 
Name 
Value 
DefaultValue 
Description 

ResourceId is the unique key. 

The table Product represents product information. 

Field             Description 
ProductIssuerId   Issuer of the product 
ProductId 
Name 
Duration          Used in combination with field below 
DurationUnit      Subscription duration unit: 1=minutes, 2=hours, 3=days, 4=weeks, 5=months, 6=years 
Duration2         Absolute value of the duration (future use only, when 'Duration' and 'DurationUnit' are not flexible enough) 
ParentalCode      Minimum age for accessing content 
AutoRenewal       Subscription is automatically renewed after expiration (future use) 
StartDate         Product becomes available for sale 
EndDate           Product no longer available 
InfoURL           URL to subscription information 

ProductIssuerId and ProductId form the unique key. 

The table ProductAC represents the access criteria (usually payment) for a subscription 
using a certain payment gateway or commerce service provider. 

Field             Description 
ProductIssuerId 
ProductId 
PGWId             Payment gateway ID 
ParentalCode      Minimum age (future use, if you want to have parental rating control per payment gateway, i.e. nationality related) 
Price             Price in whole units (25,50 is represented as 2550) 

ProductIssuerId, ProductId and PGWId form the unique key. 
The table Region represents regional information. 

Field        Description 
CountryId 
RegionId 
Name 

CountryId and RegionId form the unique key. 

The table Country represents the geographical information. 

Field         Description 
CountryId 
CountryCode   3 character country code as defined by ISO 
Name          Like 'Chello Amsterdam' or 'RoadRunner' 

CountryId is the unique key. 
The table Merchant represents the content providers 16 that have access to the 
conditional access server 36. 

Field        Description 
MerchantId   Merchant 
Name         Name of the merchant 
EMail        E-mail address of merchant 
InfoURL      Link to information 

MerchantId and PGWId form the unique key. 



The table MerchantUser represents the users (operators) of content providers 16. They 
possess a secure token to access the conditional access server 36. This table is used to verify the 
identity of a content provider 16 when he or she logs on to the system. 

Field          Description 
Serial         Secure device serial number 
MerchantId     Content provider ID linked with the secure device. 
EMail          E-mail address of user 
UserName       (Optional) name of the user 
AccessRights   Integer representing user's access rights. This allows a way to distinguish the access rights of a certain user (for example: a user is allowed access to certain applications only). 
SecretKey 
PublicKey 

Serial is the unique key. 
The table MerchantPGW represents the payment gateways (or commerce service 
providers) that have a clearing agreement with the content providers 16. 

Field        Description 
MerchantId   Merchant 
PGWId        Payment gateway 

MerchantId and PGWId form the unique key. 
The table CAAgent represents information about the conditional access agents 28. 

Field          Description 
NetworkId      Network in which it is located (e.g. RoadRunner) 
AgentId 
CountryId      Integer representing the country location 
RegionId       Integer representing the actual location (e.g. Amsterdam). 
Type           Type of agent (token, PCMCIA, etc) 
Version        Hardware/Software version 
SerialNumber   Serial number of CA Agent secure device 
Host           Host (address) of CA Agent 
SecretKey      CA Agent secret key (encrypted with storage key) 
PublicKey      CA Agent public key 

NetworkId and CAAgentId form the unique key. 
The table Network represents information about the network of conditional access agents 
28. 

Field     Description 
Name      Name of the network provider (e.g. @Home) 
Notes     Contractual notes 
EMail     E-mail address of network provider 
InfoURL   URL to information about network provider 
The table PaymentGateway represents payment gateways. 

Field         Description 
PGWId 
Name 
SdsHostName 
Type          Type of payment gateway (1 is reserved for anonymous payment gateway) 
Format        Currency format string for future use 
ISOCurrency   ISO currency code 
EMail         E-mail address of payment gateway 
InfoURL       URL to payment gateway information 

PGWId is the unique key. 
The table CountryPaymentGateway represents the payment gateways per country. This 
table is used to limit the number of selectable payment gateways depending on the selected 
country/region when assigning access criteria to an item. 

Field       Description 
CountryId 
PGWId 

CountryId and PGWId form the unique key. 
Subscription Tables 

The subscription tables are only accessed by the subscription form server 70 and 
subscriber server 72. 

The table SubscriptionForm represents the subscriptions that have been issued to 
subscribers on behalf of a content provider 16. 

Field              Description 
IssuerId           Either 0 (Entriq) or the merchant ID 
DeviceSerial       Unique serial of secure device. 
SubscriptionForm   Digitally signed subscription form 

IssuerId and DeviceSerial form the unique key. 

Access Criteria Tables 

The table ItemAC links a particular item (content) with an access criteria profile and a 
key. 

Field         Description 
MerchantId    Merchant ID 
ItemId        Unique item (content) 
Description   Short description of content, displayed to subscriber at confirm. 
ProfileId 
Policy        Policy indicating security parameters such as encryption algorithm, key length, etc. 
ProductKey    (Prime) Product key used for encryption of content 
Format        Encoding format such as MPEG-2 / MPEG-4, Real, Windows codec etc. 
Bandwidth     Bandwidth in bits/second 

MerchantId and ItemId form the unique key. 

There is an index on Description, to allow for quick searching on a description. 

The table ACProfile represents a profile for access criteria and links to actual access 
criteria sets. 

Field        Description 
MerchantId 
ProfileId 
Name 

MerchantId and ProfileId form the unique key. 



The table ACProfileCountryBlackout represents the regions that are to be blacked out for 
a certain profile. 

Field        Description 
MerchantId 
ProfileId 
CountryId    Country to be blacked out 

MerchantId, ProfileId, and CountryId form the unique key. 
The table ACProfileRegionBlackout represents the regions that are to be blacked out for a 
certain profile. 

Field        Description 
MerchantId 
ProfileId 
CountryId    Country to be blacked out 
RegionId     Region to be blacked out 

MerchantId, ProfileId, CountryId and RegionId form the unique key. 

The table ACProfileSet represents an access criteria set (conditions) under which an item 
is provided to the subscriber. 

Field              Description 
MerchantId 
ProfileId 
CountryId 
RegionId 
SetId              Sequence number (order is of importance) 
SubscriptionFlag 
ProductIssuerId 
ProductId 
PriceFlag 
PGWId              Payment gateway ID 
PurchasePrice 
TimePriceFlag 
Time               Viewing time associated with purchase price 
TimePrice          (Used for pricing such as 1 $ per minute) 
ViewTime           Viewing time associated with recurring price (e.g. 1 minute in case of 1 $ per minute) 
LoyaltyFlag        True if subscriber can earn loyalty points. 
LoyaltySchemeId    Loyalty scheme such as air-miles or FFP (future use) 
LoyaltyPoints      Number of points (future use) 
ParentalFlag       True if access is restricted to certain minimal age 
ParentalCode       Minimum age 
TimeWindowFlag     True if access must be blocked during certain hours 
TimeWindowStart    Local time to start blocking access 
TimeWindowEnd      Local time to stop blocking access 
DateWindowFlag     True if access must be blocked before or after certain date range 
DateWindowStart 
DateWindowEnd 
FormattedAC        Formatted access criteria (future use for improved performance) 

MerchantId, ProfileId, CountryId, RegionId and SetId form the unique key. 
Transaction Tables 

The table CashMonitor represents a credit counter for the subscriber transactions and is 
used for monitoring purposes only. 

Field           Description 
MerchantId      Merchant (content provider) 
PGWId           Payment gateway 
ResetDate 
Subscriptions   Total subscription revenues since reset date 
PayPerView      Total PPV revenues since reset date 

MerchantId and PGWId form the unique key. 
The table Transaction contains all the transactions. 

Field         Description 
MerchantId    Merchant 
Received 
Type          Subscription/PPV 
CaAgentId     (0 if subscription) 
Transaction 

MerchantId and Received form the key. 



Overview - Conditional Access Agent 28 

A conditional access agent 28 operates as a secure gatekeeper to actual content provided 
via a content distributor 20. A conditional access agent 28, in one exemplary 
embodiment, is co-located with a local content server 40 to "police" local subscriber accesses to 
protected content stored on that media server. 

A conditional access agent 28 provides at least two functions, namely (1) a verification 
function that includes verification of content destination (e.g., subscriber) requests for secure 
content against access criteria defined by a content provider 16, and (2) a gateway function 
including decryption, watermarking and re-encryption of secure content, depending on content 
security settings. 

Dealing more specifically with the verification function and utilizing the example of a 
subscriber as a content destination 22, a conditional access agent 28 manages subscriber access 
to the content by evaluating the access criteria and the subscriber credentials. The agent 28 
verifies and processes the subscriber request before (and during) the provision of the requested 
content. Access criteria are defined by the content provider 16, signed by a conditional access 
server 36 and distributed as described above. In one embodiment, the agent 28 selects the first 
appropriate access criteria set based on the user credentials. The selected access criteria set is 
sent to the subscriber for signature. This may require an explicit confirmation from the 
subscriber (in case of a payment) or this may be transparent (in case of a subscription). 
Subscription forms, originally generated by the subscription form server 70, are cached locally at 
the conditional access agent 28. If a subscription form is not available or out of date, the 
conditional access agent 28 retrieves the latest subscription form from the appropriate content 
provider 16. 

Signed pay per view transactions are also cached by the conditional access agent 28 to 
allow a subscriber to view a movie multiple times within the allowed time window without 
charge. 
Not all conditional access clients may support all types of access criteria. The 
conditional access agent 28 therefore interprets the client type before suggesting a specific access 
criteria set. 
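As an added Python example (not code from the patent), the following sketch shows how an agent could select the first appropriate access criteria set in the sense of the verification function just described, using the ACProfileSet, blackout and region priority descriptions given earlier: the agent's location maps to several regions and the region with the best priority code wins, country and regional blackouts are checked, and the sets defined for that region are tried in SetId order against the subscriber's credentials, purse level, age, and the local time and date windows. Field names mirror the tables; the dataclasses, the string encodings of times and dates, the rule that a lower priority code wins, and the sample profile are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ACSet:
    """One ACProfileSet row, limited to the fields evaluated here (field types assumed)."""
    set_id: int
    subscription_flag: bool = False
    product_id: str = ""
    price_flag: bool = False
    purchase_price: int = 0            # whole units, 25,50 is stored as 2550
    pgw_id: int = 0
    parental_flag: bool = False
    parental_code: int = 0
    time_window_flag: bool = False     # block access between start and end, local "HH:MM"
    time_window_start: str = "00:00"
    time_window_end: str = "00:00"
    date_window_flag: bool = False     # block access outside start..end, "YYYY-MM-DD"
    date_window_start: str = "0000-01-01"
    date_window_end: str = "9999-12-31"

@dataclass
class Subscriber:  # what the agent holds for the requesting device (constructed shape)
    age: int
    pgw_id: int                        # payment gateway bound to the token
    purse: int                         # current purse level from the secure device server
    subscriptions: Dict[str, Tuple[str, str]] = field(default_factory=dict)

@dataclass
class Profile:  # an ACProfile with its blackout rows and sets keyed by (CountryId, RegionId)
    country_blackout: Set[int] = field(default_factory=set)
    region_blackout: Set[Tuple[int, int]] = field(default_factory=set)
    sets: Dict[Tuple[int, int], List[ACSet]] = field(default_factory=dict)

def blocked_by_time_window(s: ACSet, local_hhmm: str) -> bool:
    """TimeWindowStart..TimeWindowEnd blocks access; the window may wrap past midnight."""
    if not s.time_window_flag:
        return False
    if s.time_window_start <= s.time_window_end:
        return s.time_window_start <= local_hhmm < s.time_window_end
    return local_hhmm >= s.time_window_start or local_hhmm < s.time_window_end

def set_rejection(s: ACSet, sub: Subscriber, now: datetime) -> Optional[str]:
    """Why this set does not apply to the subscriber at local time now, or None if it does."""
    today = now.strftime("%Y-%m-%d")
    if s.date_window_flag and not (s.date_window_start <= today <= s.date_window_end):
        return "outside date window"
    if blocked_by_time_window(s, now.strftime("%H:%M")):
        return "blocked during time window"
    if s.parental_flag and sub.age < s.parental_code:
        return "below minimum age"
    if s.subscription_flag:
        span = sub.subscriptions.get(s.product_id)
        if span is None or not (span[0] <= today <= span[1]):
            return "no active subscription"
    if s.price_flag:
        if s.pgw_id != sub.pgw_id:
            return "payment gateway not supported by token"
        if sub.purse < s.purchase_price:
            return "insufficient purse"
    return None

def select_access_criteria(profile: Profile, country: int, location_regions: List[int],
                           region_priority: Dict[int, int], sub: Subscriber,
                           local_now: str) -> Tuple[Optional[int], str]:
    """First applicable set: best-priority region first, then SetId order (ISO local time)."""
    # Assumed: a lower priority code wins, and a winning region that is blacked out denies.
    now = datetime.fromisoformat(local_now)
    if country in profile.country_blackout:
        return None, "country blackout"
    for region in sorted(location_regions, key=lambda r: region_priority.get(r, 99)):
        if (country, region) in profile.region_blackout:
            return None, "regional blackout"
        candidates = profile.sets.get((country, region), [])
        if candidates:
            break
    else:
        return None, "no access criteria defined for this location"
    reasons = []
    for s in sorted(candidates, key=lambda c: c.set_id):
        why = set_rejection(s, sub, now)
        if why is None:
            return s.set_id, "granted"
        reasons.append(f"set {s.set_id}: {why}")
    return None, "; ".join(reasons)

def example_profile() -> Profile:
    # Constructed sample: country 31, region 20 offers a subscription set and a PPV set; region 5 is blacked out.
    return Profile(
        region_blackout={(31, 5)},
        sets={(31, 20): [
            ACSet(set_id=1, subscription_flag=True, product_id="sports", date_window_flag=True,
                  date_window_start="2001-06-01", date_window_end="2001-06-30"),
            ACSet(set_id=2, price_flag=True, purchase_price=2550, pgw_id=7, parental_flag=True,
                  parental_code=16, time_window_flag=True, time_window_start="02:00", time_window_end="06:00"),
        ]},
    )
```

The returned reason string is what the agent would pass back to the client as a result message (insufficient credit, regional blackout, and so on), while the set id is what it would offer for signature.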

Turning now to the gateway function performed by a conditional access agent 28, after a 
subscriber (or user) has been granted access to the content, a request is sent to the local content 
server 40 to 'release' the content. This request contains all the necessary data, including the IP 
destination address / port, subscriber signed access criteria, the subscriber certificate and the key 
to decrypt the content (encrypted with the public key or secret group key of the conditional 
access agent 28). The content is then decrypted, watermarked and optionally re-encrypted with a 
different key (e.g., a unique user key). 

The conditional access agent 28 interfaces with the secure device server 44 to: 

(1) Verify the current debit/credit level of the subscriber (e.g., in the cases of 
PPV or PPT transactions). 

(2) (If required) verify the age of the user associated with the secure device 
server 44. 

(3) Forward the signed PPV/PPT transactions to the secure device server 46 for 
clearing and administration purposes. 

For this interface, the agent 28 acts as the client. 

The conditional access agent 28 interfaces with the conditional access server 36 to query 
subscriptions. For this interface, the conditional access agent 28 acts as the client. 

The agent 28 also interfaces with the conditional access server 36 to query access criteria 
and keys and to forward transactional information statistics. 

The conditional access agent 28 interfaces with the conditional access client 48 to send a 
payment request, receive a transaction (signed payment request) and to pass any result messages 
(such as service denial based on insufficient debit/credit, regional blackout, etc). For this 
interface, the conditional access agent 28 acts as the server. 

The conditional access agent 28 interfaces, in one exemplary embodiment, with a media 
client 49 and the content server 40 using the Real Time Streaming Protocol over TCP/IP (for 
control interfacing) or UDP/IP (for data interfacing). In this case, the conditional access agent 
28 usually acts as a transparent proxy, but will carry out specific actions when the subscriber 
attempts to access secured content (such as evaluating the access criteria and the subscriber 
credentials). 

Architecturally, the conditional access agent 28 comprises a number of real-time 
processes that together provide the required functionality. Figure 5 is a block diagram 
illustrating various processes that constitute the conditional access agent 28, according to an 
exemplary embodiment of the present invention. A conditional access agent server 80 
communicates with external processes, such as the conditional access server 36, the secure 
device server 44 and the conditional access client 48 utilizing a number of interfaces. The 
conditional access agent server 80 provides a server implementation of a conditional access 
agent 28 for the client/agent interface. A conditional access client 48 uses this interface to 
connect to the conditional access agent server 80 to complete a secure XML-based transaction 
based on access criteria associated with a requested content item. At the end of a successful 
session, a product key is transmitted to the conditional access client 48. 

A conditional access agent socket proxy 82 operates as a transparent proxy between a 
media player 84 and the content server 40 control channel, and is responsible for preventing 
unauthorized access to the content. 

A conditional access agent transaction manager 86 forwards the transactions from a 
secure agent 88 to the secure device server 44 and sends the received receipt back to the secure 
agent 88 to delete the transactions. 

The secure agent 88 is central to the conditional access agent 28 and performs the following 
functions: 

(1) Keeps track of all secure (user) sessions (session id, user IP address, timers, 
etc). 

(2) Decrypts and watermarks content in a controlled fashion. 

(3) Maintains Store and Forward transactions. 

(4) Stores the conditional access agent private key, certificate and the 
conditional access server public key. 

(5) Stores the registered payment gateways and associated Certificate 
Revocation Lists (CRLs). 

The secure agent 88 may, in one embodiment, be implemented in hardware to increase 
the level of content and transaction security. 

An exemplary operational scenario involving the conditional access agent 28 will now be 
described with reference to Figure 5: 

(1) Content destination 22 (e.g., user) selects content. 

The user requests a content description file, such as an ASX file, using a 
regular browser based on HTTP. 

(2) Trigger conditional access client 48. 

A browser 90 identifies a unique tag included in the content description file 
and is configured to forward the URL of the content description file (e.g., 
the ASX file) to the conditional access client 48. The client 48 sets up a 
connection with the conditional access agent server 80, based on the URL, 
to start a secure ordering process utilizing regular HTTP messages. 

(3) Retrieving content description file. 

The conditional access agent 28 retrieves the content description file from a 
Web server 92 using a regular HTTP GET request. From this content 
description file, the access agent 28 retrieves an access criteria URL. 
(4) Selecting access criteria. 

The conditional access agent 28 retrieves the access criteria using a regular 
HTTP connection with a proxy (which may have the access criteria cached 
from a previous session). The conditional access agent 28 registers a new 
session with the secure agent 88 using the information it has received 
(subscriber information, access criteria, etc). At session creation, the secure 
agent 88 verifies: 

(1) That a payment gateway (associated with the user's token) is 
supported; 

(2) That the serial number is not on the Certificate Revocation List; 
and 

(3) The (default) host of the secure device server associated with the 
user's token. 

(5) Retrieving token information. 

The conditional access agent 28 retrieves the secure device information 
(such as purse information) from the secure device server host to verify 
purse levels and optionally check age restriction settings. 

(6) Constructing the order request/proposal. 

Based on the user credentials, access criteria and local time, the conditional 
access agent server 80 constructs an order request (the offer) and sends this 
to the conditional access client 48 for approval (or decides to refuse access 
to this particular user). The order request is also registered with the secure 
agent 88, which stores this information together with the other session 
information. 

(7) User signs order. 

The user signs the order and sends the signature to the conditional access 
agent 28 using a regular HTTP POST message. The conditional access 
agent 28 forwards the signature to the secure agent 88. The secure agent 88 
will verify all session information (access criteria, user credentials, local 
time, signature etc.) before granting access. 

(8) Opening of the content 'gate'. 

In a first exemplary embodiment, the content is stored in the clear and the 
security relies on the socket proxy to block unauthorized access. The socket 
proxy can query the secure agent 88 for session information. This is not 
secure as the content is not encrypted and there is no control over which 
files are streamed. 

In a second embodiment, the content is encrypted and a key will therefore 
be required by the conditional access client 48 in order to decrypt the 
content. The socket proxy will now be an RTSP proxy to provide intelligent 
blocking to implement functionality such as Pay Per Time. 

In case of personalized content security, the secure agent 88 controls the 
gate since the encrypted content will have to go through the agent 88 to 
be decrypted, optionally watermarked, and re-encrypted. This feature is 
supported for standard compression algorithms, such as MPEG-2, MPEG-4 
and MPEG-7. 

The conditional access client 48 receives an OK (assuming a positive 
authentication and verification) from the conditional access agent 28 using a 
regular HTTP message, optionally including the session key encrypted 
under the user public key. 
(9) Transaction forwarding. 

Assuming all went well, the conditional access agent transaction manager 86 
forwards the signed order to a secure device server for clearing purposes. 
The signed order is also sent to the conditional access server 36 for 
monitoring and statistics. 

Overview - Conditional Access Client 32 

The conditional access client 32 is executed on a subscriber terminal (e.g., a personal 
computer or STB), and is responsible for presenting a user interface to an end user (e.g., a 
subscriber) and also for interfacing between the secure device 46 and other security sub-systems. 

The conditional access client 48, in one embodiment, allows external applications (e.g., 
web clients or plug ins) to manage the secure device 46. The following management requests 
pertaining to the secure device 46 are, in one embodiment, supported: 

(1) Changing of a user Personal Identification Number (PIN); 

(2) Querying the status of the secure device 46 (e.g., error, not inserted, ready, etc.); 

(3) Publishing the status of the secure device 46; and 

(4) Querying the secure device serial number and certificate. 

In addition to providing the above described management interface, the conditional 
access client 48 also operates to sign requests, received from the conditional access agent 28, 
and to advise a user accordingly. A signing request that does not require a PIN may be 
transparent to a subscriber. 

Receipt of a request that requires a PIN to sign the request causes the client 48 to display 
descriptive information regarding the request (e.g., a movie title) to the subscriber in conjunction 
with a payment amount. The subscriber is asked to enter a PIN code. If the request relates to a 
subscription, the client 48 updates a subscription counter on local storage and, in one 
embodiment, on the secure device 46. This subscription counter is utilized by the conditional 
access client 48 to detect that new subscriptions may be available. If the secure device 46 and 
the conditional access client 48 do not allow for storage, the client 48 may maintain the 
subscription counter in memory. 

If a subscription request is not successfully completed, the client 48 displays an error 
message to the user, the error message including an error code and an English-language error 
description. In one embodiment, the error code may be mapped to a local error string, instead of 
showing the English-language error description. The error message may also contain a URL, for 
example, identifying a site for which appropriate subscription may be obtained if the lack of such 
a subscription results in the error message. 

Overview — Secure Device 46 

A particular secure device 46 is, in one exemplary embodiment, associated with a 
particular end-user (e.g., a subscriber). In various exemplary embodiments, the secure device 46 
may be a dedicated device specifically for use within the content distribution system 10; a shared 
device manufactured for use within a different system (e.g., a banking system), but also 
leveraged within the content distribution system 10; or an embedded device that is embedded 
within a closed media device (e.g., a smart card in a Set Top Box (STB)), or a SIM card in a 
mobile telephone that is again for use in alternative system, but leveraged within the content 
distribution system 10. 

A minimum requirement for the secure device 46, in one exemplary embodiment, is that 
it supports digital signing using private/public key technology. Secure devices 46 embedded in 
closed media devices need not adhere to specific requirements, other than providing sufficient 
security to warrant protection of a user private key. Shared secure devices (e.g., banking cards), 
in order to be utilized within the content distribution system 10, are required to adhere to at least 
a subset of the requirements defined below, this subset of requirements varying depending on the 
commercial and technical issues. A set of requirements, according to one exemplary 
embodiment of the present invention, for dedicated secure device are set out below. 

In one embodiment, a dedicated secure device 46 hosts at least two private keys, namely 
a first private key for encryption and a second private key for signing. The private key for key 
encryption is available to external applications without user PIN submission. The private key for 
signing is only available to external applications after PIN submission. 

The secure device 46 may have a co-processor for secure RSA signing with the secure 
device unique private key. 

Storage within the secure device 46, in one embodiment, follows the PKCS#11 model 
and may offer: 

• Public storage, available for guests (read), admin (read/write) and user (read/write). 
This storage is used for public keys (label: "Public key" and "Public key encrypt"), 
certificates (label: "Certificate", 1500 bytes) and public free format system 
information (label: "System data", 400 bytes). The free format system information 
shall contain a valid XML string with various Entriq and other system defined tags. 
• Private storage, available for admin (read) and user (read/write). This storage is used 
for free format user information (label: "User data", 800 bytes). The free format user 
information shall contain a valid XML string with various Entriq and other defined 
tags. 

• Two-Factor secret, available for user (write/use). This storage is used for the signing 
private key (label: "Private key"). 

• One-Factor secret, available for guests (use), admin (use) and user (write/use). This 
storage is used for the key decryption private key (label: "Private key decrypt"). 

The secure device 46 may also be pre-configured with two public/private key pairs, and a 
certificate signed with the private key of a commerce service provider 42 (or payment gateway). 
This private key of the payment gateway is hosted by a secure device 46 manufacturer to allow 
the secure device 46 to be pre-loaded with a valid certificate by delivery into the field. The 
certificate may, in one embodiment, be X.509 compliant. 

The secure device 46 is furthermore personalized with a fixed PIN code, and may allow a 
user to set a new PIN after submission of a current user PIN. 
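The storage classes and PIN gating of the dedicated secure device 46 described above amount to an access-control matrix keyed by storage class and role, with the two-factor secret additionally gated by PIN submission. The Python below is an added illustration of that model, not the patent's own design or code: the role names, the PIN handling, the manufacturer-time preload and the HMAC stand-in for the private-key signing and decryption operations are assumptions, while the object labels and size limits are taken from the list above.

```python
"""Added example (not part of the patent): a model of the secure device 46
storage classes and the PIN gating of the signing key. The 'use' operation is
an HMAC stand-in for RSA signing/decryption; only the access control is the point."""
import hashlib
import hmac

# Storage class and size limit (bytes, None = unconstrained) per labelled
# object, taken from the storage requirements listed on the page.
OBJECTS = {
    "Public key": ("public", None),
    "Public key encrypt": ("public", None),
    "Certificate": ("public", 1500),
    "System data": ("public", 400),
    "User data": ("private", 800),
    "Private key": ("two-factor", None),
    "Private key decrypt": ("one-factor", None),
}

# Operations each role may perform on each storage class (from the page).
ACL = {
    "public": {"guest": {"read"}, "admin": {"read", "write"}, "user": {"read", "write"}},
    "private": {"guest": set(), "admin": {"read"}, "user": {"read", "write"}},
    "two-factor": {"guest": set(), "admin": set(), "user": {"write", "use"}},
    "one-factor": {"guest": {"use"}, "admin": {"use"}, "user": {"write", "use"}},
}


class SecureDevice:
    """A secure device personalized with a fixed PIN before delivery into the field."""

    def __init__(self, initial_pin: str):
        # Constructed PIN storage for the model; a real card keeps the PIN in hardware.
        self._pin_hash = hashlib.sha256(initial_pin.encode()).digest()
        self._pin_verified = False
        self._store = {}

    def preload(self, label: str, data: bytes) -> None:
        """Manufacturer-time personalization: objects loaded before the ACL applies."""
        self._store[label] = bytes(data)

    def verify_pin(self, pin: str) -> bool:
        digest = hashlib.sha256(pin.encode()).digest()
        self._pin_verified = hmac.compare_digest(digest, self._pin_hash)
        return self._pin_verified

    def change_pin(self, current_pin: str, new_pin: str) -> bool:
        """A new PIN may only be set after the current user PIN has been submitted."""
        if not self.verify_pin(current_pin):
            return False
        self._pin_hash = hashlib.sha256(new_pin.encode()).digest()
        return True

    def authorize(self, role: str, op: str, label: str) -> tuple:
        """Return (allowed, reason) for role performing op on the labelled object."""
        if label not in OBJECTS:
            return False, "unknown object"
        storage_class, _ = OBJECTS[label]
        if op not in ACL[storage_class].get(role, set()):
            return False, f"{role} may not {op} {storage_class} storage"
        # The signing key (two-factor secret) is only available after PIN submission.
        if storage_class == "two-factor" and not self._pin_verified:
            return False, "PIN required"
        return True, "ok"

    def write(self, role: str, label: str, data: bytes) -> bool:
        allowed, _ = self.authorize(role, "write", label)
        if not allowed:
            return False
        limit = OBJECTS[label][1]
        if limit is not None and len(data) > limit:
            return False
        self._store[label] = bytes(data)
        return True

    def read(self, role: str, label: str):
        allowed, _ = self.authorize(role, "read", label)
        return self._store.get(label) if allowed else None

    def use(self, role: str, label: str, message: bytes):
        """Use a secret without exporting it (HMAC stand-in for RSA sign/decrypt)."""
        allowed, _ = self.authorize(role, "use", label)
        if not allowed or label not in self._store:
            return None
        return hmac.new(self._store[label], message, hashlib.sha256).hexdigest()
```

The asymmetry the page describes falls out of the table: a guest can "use" the key-decryption private key to unwrap a session key with no PIN, but even the user role cannot sign until verify_pin has succeeded, and neither key can ever be read out.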

Distributed Secure Agents 

The content distribution system 10, as described above with reference to Figures 1 - 3, in 
one embodiment, proposes that content be encrypted at a content provider 16, and then 
distributed to regional content distributors 20 (e.g., broadband Internet Service Providers 
(ISPs)). Conditional access agents 28 are deployed at these content distributors 20 to evaluate 
content requests from content destinations operating conditional access clients 32 before delivery 
of the requested content occurs. Upon appropriate authorization of a request, at the content 
distributor 20 and under control of the conditional access agent 28, the requested content is 
decrypted and at least one association operation performed on the content before it is forwarded 
to the content destination 22. The association operation performed at the content distributor 20 
may include personal watermarking of the content and/or personal re-encrypting of the content, 
as will be described in further detail below. With respect to a watermarking operation, the 
identity of a specific consumer at the content destination 22 is "embedded" in the watermarked 
content, and the identity of the content consumer can accordingly be detected if the derivative 
copy of the content is distributed in an unauthorized manner. Accordingly, a content consumer 
will be discouraged from forwarding copies of the content to others if an unauthorized derivative 
copy of the content can be traced back to the relevant content consumer utilizing a watermark. 

A content consumer (i.e., requesting user) is, in one embodiment, verified utilizing a 
public/private key, and additional certificates, that may be stored on a tamper-proof device (e.g., 
a smart card or mobile telephone). The certificate contains information that may be utilized to 
identify a secure device 46 associated with the content consumer. A conditional access agent 28 
trusts a number of Certification Authorities (CA) and maintains a Certification Revocation List 
(CRL) of a Certification Authority to prevent unauthorized access with compromised secure 
devices 46. 

The content distribution system 10, which deploys distributed conditional access agents 
28 to represent the interests of content providers 16, provides a number of advantages. Firstly, 
moving security functionality, implemented by a conditional access agent 28 in the manner 
described below, away from an end user device (e.g., a secure device 46) increases security as 
this functionality is located outside the reach of hackers at a content destination 22. Secondly, 
there are economic benefits, as certain security functionality is removed from the content 
destination 22, and is thus more easily managed and maintained. 

Thirdly, personal re-encryption of content (e.g., utilizing a unique user 
key) requires that an unauthorized distributor redistribute the entire content, as opposed to just 
relevant keys. 

Fourthly, personal watermarking of content at a remote conditional access agent 28 
makes it difficult for a hacker to impact a watermarking process. 

Fifthly, the use of public/private key technology at a conditional access agent 28, in the 
manner described below, makes the solution scalable. 

The content distribution system 10 provides security functionality in a distribution system 
that "pushes" content to the edges of a network before it is delivered, possibly on demand, to 
content consumers. 

Finally, the content distribution system 10, in one embodiment, utilizes secure tokens 
such as banking, GSM, or pay media smart cards that are already in wide distribution, thus 
allowing for a large content consumer network. 

Figures 6A - 6B show a flow chart illustrating a method 120, according to an exemplary 
embodiment of the present invention, of processing a content request received from a content 
destination 22. When discussing the method 120, it is assumed that the requested content is 
stored at, or redistributed from in the case of live multicasting, a local content server 40 (e.g., 
video file server or router) that operates in conjunction with a conditional access agent 28. If a 
conditional access agent 28 is unavailable, a user will fail to obtain access to the required keys. 

At block 122, a content consumer, for example utilizing a secure device 46, issues a 
request via the network 18 to a content distributor 20, operating a conditional access agent 28, to 
deliver (e.g., via streaming) particular content. In response to the issuance of such a request, a 
conditional access client 48 executing on a user viewing device (e.g., a PC or set top box) 
initiates communications with an appropriate conditional access agent 28, via a network 18, to 
obtain the necessary keys. Specifically, at block 122, as part of the request, the conditional 
access client 48 communicates a user certificate (e.g., issued by a payment gateway) and 
optionally a copy-protected device certificate to the conditional access agent 28. 

At block 124, the content distributor 20 utilizing the conditional access agent 28, verifies 
the received user certificate and optionally the copy-protected device certificate by verifying a 
challenge communicated by the client 48 to the agent 28 in association with the user device and 
copy-protected device certificates. 

At block 126, the content distributor 20 utilizing the conditional access agent 28, 
retrieves access criteria and a product key related to the requested content from a content 
provider 16. As discussed above, the access criteria and the product key (Sp) are encrypted with 
a public key of the conditional access agent 28 so that only the specific conditional access agent 
28 is able to access the product key. 

The retrieval of the access criteria and product key involves the conditional access agent 
28 issuing a request to a conditional access server 36, responsive to which the server 36 verifies 
regional constraints associated with the requested content in order to return the appropriate 
access criteria. Specifically, access criteria may differ per region, and accordingly per 
conditional access agent 28. 

The conditional access server 36 secures the access criteria and product key by 
encrypting the product key with the public key of the conditional access agent 28, and signs the 
access criteria, including the encrypted product key, with the conditional access server 36 private 
key. The product key will thus only be available to the intended conditional access agent 28. 

At block 128, the content distributor 20, and specifically the conditional access agent 28, 
verifies the signature of the access criteria and the product key using a certificate of the content 
provider 16, as provided by a trusted third-party. A public key of the trusted third-party would 
be well known, and embedded within the conditional access agent 28. 

In an alternative embodiment, performance constraints imposed by large live events (e.g., 
a popular soccer game) may require that the access criteria and the product key are signed 
utilizing a shared secret key as opposed to the private key of the conditional access server 36. 

At block 130, the content distributor 16, and specifically the conditional access agent 28, 
decrypts the received product key associated with the requested content, utilizing a private key of 
the conditional access agent 28. 

Turning now to Figure 6B, at block 132, the conditional access agent 28 of the content 
distributor 20 requests information concerning a secure device 46 of a content consumer from the 
secure device server 44 of a commerce service provider 42 (e.g., payment gateway). This 
information concerning the secure device 46 may include a purse value, date of birth, geographic 
location, etc., and is signed by the commerce service provider 42. In an alternative embodiment, 
performance constraints imposed by a large live event may require that the information 
concerning the secure device 46 be signed utilizing a shared secret key as opposed to a private 
key of the commerce service provider 42. 

At block 134, the conditional access agent 28 of the content distributor 20 receives 
subscription information from the conditional access server 36, this subscription information 
having been signed by the content provider server 34. 

At block 136, utilizing the required information (e.g., the secure device information, 
access criteria, subscriptions, etc.), the conditional access agent 28 of the content distributor 20 
constructs an order request based on a current date and time, signs the order request, and 
transmits the order request to a conditional access client 48 of the content consumer for 
acceptance. The conditional access agent 28 utilizes a secure clock to validate the current time 
against the access criteria settings of the content provider server 34. The order request may 
furthermore consist of a number of order options, if applicable (e.g., a pricing of $8.00, or $4.00 
for a predetermined amount of time plus $1.00 per minute thereafter). 

At block 138, the conditional access client 48 of the content consumer verifies a signature 
of the conditional access agent 28 with which the order request has been signed and prompts the 
user for a PIN to confirm the order. The PIN is utilized to sign the order utilizing the secure 
device 46, and a resulting order confirmation (signed) is transmitted back to the conditional 
access agent 28 of the content distributor 20. 

At block 140, the conditional access agent 28 verifies the collected data (in a physically 
secure environment). The collected data includes access criteria, a user signature, a user 
certificate (signed by the commerce service provider 42), a copy-protected device certificate, 
subscriptions, current purse levels, and a user date of birth. 

If the request passes the verification process, the conditional access agent 28 then 
establishes a secure session with the conditional access client 48, and generates a unique user key 
(Uk). The unique user key (Uk) is then encrypted with a public key of a copy-protected device 
associated with the secure device 46, and communicated to the conditional access client 48 using 
the secure session. If a copy-protected device is not available, and not required according to the 
access criteria, the unique user key may be encrypted utilizing a public key of the secure device 
46. 
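The checks the secure agent 88 makes at session creation (Figure 5, step 4) and the verification of the collected data at block 140 can be expressed as one policy function that runs every check and reports every failure. The following Python is an added example written for this page, not code from the patent: the gateway list, the CRL entries, the access criteria, the sample order and the date values are constructed, and the order is signed with a shared-secret HMAC, which is the variant the text allows for large live events in place of a private-key signature.

```python
"""Added example (not part of the patent): the checks a secure agent makes at
session creation and at order confirmation before opening the content 'gate'.
All configuration and sample data below is constructed for illustration."""
import hashlib
import hmac
import json
from datetime import date, datetime

# Constructed configuration of one conditional access agent.
SUPPORTED_GATEWAYS = {"gateway-A", "gateway-B"}
# Certificate Revocation List per payment gateway: revoked device serial numbers.
CRL = {"gateway-A": {"SN-0003", "SN-0042"}, "gateway-B": set()}
# Shared secret under which orders are signed (the live-event variant the page
# allows instead of a private-key signature).
SHARED_SECRET = b"constructed-demo-secret"

# Access criteria as registered with the secure agent for this session.
ACCESS_CRITERIA = {
    "content_id": "movie-123",
    "price": 4.00,
    "min_age": 18,
    "not_before": "2000-06-16T18:00:00+00:00",
    "not_after": "2000-06-17T06:00:00+00:00",
}


def canonical(order: dict) -> bytes:
    """Canonical JSON so that signer and verifier authenticate identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign_order(order: dict, key: bytes = SHARED_SECRET) -> str:
    """HMAC-SHA256 over the canonical order (shared-secret signing variant)."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def age_on(dob: date, when: date) -> int:
    """Whole years between a date of birth and a reference date."""
    return when.year - dob.year - ((when.month, when.day) < (dob.month, dob.day))


def verify_session(token, purse, dob_iso, order, signature, now_iso,
                   criteria=ACCESS_CRITERIA):
    """Return (granted, reasons); all checks run so every failure is reported."""
    reasons = []
    now = datetime.fromisoformat(now_iso)  # taken from the agent's secure clock
    gateway = token["gateway"]

    # Session-creation checks: gateway supported, serial not revoked.
    if gateway not in SUPPORTED_GATEWAYS:
        reasons.append("payment gateway not supported")
    if token["serial"] in CRL.get(gateway, set()):
        reasons.append("secure device serial number is revoked")

    # Secure device information: purse level and age restriction.
    if purse < criteria["price"]:
        reasons.append("insufficient purse level")
    if age_on(date.fromisoformat(dob_iso), now.date()) < criteria["min_age"]:
        reasons.append("age restriction not met")

    # Access window validated against the secure clock (block 136).
    if not (datetime.fromisoformat(criteria["not_before"]) <= now
            <= datetime.fromisoformat(criteria["not_after"])):
        reasons.append("outside the access window")

    # The signed order must be the registered offer, not a rewritten one.
    if (order.get("content_id"), order.get("price")) != (
            criteria["content_id"], criteria["price"]):
        reasons.append("order does not match the registered offer")
    if order.get("serial") != token["serial"]:
        reasons.append("order was not issued for this secure device")

    # Signature check; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(sign_order(order), signature):
        reasons.append("order signature invalid")

    return (not reasons, reasons)


def sample_order(serial: str = "SN-0007", price: float = 4.00) -> dict:
    """Constructed order as the conditional access client would return it."""
    return {"content_id": "movie-123", "price": price, "serial": serial}


if __name__ == "__main__":
    order = sample_order()
    print(verify_session({"gateway": "gateway-A", "serial": "SN-0007"}, 10.0,
                         "1970-01-01", order, sign_order(order),
                         "2000-06-16T20:00:00+00:00"))
```

Two design points carry over from the page: the order is compared against the offer the agent itself registered, so a client that edits the price before signing fails both the offer check and the signature check, and the time check uses the agent's clock rather than anything the client supplies.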

Figure 7 is a flowchart illustrating a method 150, according to an exemplary embodiment 
of the present invention, of securely delivering content from a content provider 16 to a content 
consumer via at least one content distributor 20, where the content distributor 20 performs an 
association operation (e.g., watermarking or encryption) relating to the content. In the method 
150, the at least one content distributor 20 is uniquely authorized to perform the operation 
relating to the content. 

The method 150 commences at block 152 with the encryption by a content provider 16, 
and more specifically a conditional access server 36, of content with a product key (Sp). This 
encrypting of the content is automatically performed prior to a scheduled distribution of 
particular content to multiple content distributors 20 for local distribution to content destinations 
22. Alternatively, the encryption of the content may be performed, in the event of a live event, 
on the fly and concurrently with provision of the content from the content provider 16 to a 
content distributor 20. In yet a further embodiment, the encryption of the content may be 
performed responsive to receipt of a request, at the content provider 16, for the specific content 
from a particular content destination 22. 

Having encrypted specific content with the product key (Sp), the conditional access server 
36 of the content provider 16 then encrypts the product key (Sp) with a public key of a specific 
content distributor 20. In one embodiment, the public key in which the product key is encrypted 
is the public key of a secure device accessed by a conditional access agent 28. 

The content provider 16 then transmits the encrypted content and the encrypted product key 
to the content distributor 20. 

At block 154, the content distributor 20, and more specifically the conditional access 
agent 28, operates to decrypt the product key within a secure, tamper proof environment. A 
tamperproof environment may be provided by tamperproof hardware, such as an nCipher 
cryptographic hardware card, tamperproof software, or by a regular PC physically protected from 
unauthorized access. 

Having then decrypted the product key, the content distributor 20, and specifically the 
conditional access agent 28, proceeds to decrypt the content utilizing the product key, again 
within the secure, tamper proof environment facilitated by a secure device. 

Having decrypted the content, the conditional access agent 28 then operates to perform an 
association operation relating to the content. In one exemplary embodiment, this operation 
constitutes watermarking a copy of the content for distribution to a specific content destination 
22, a specific content consumer, or an identified group of content destinations 22 or content 
consumers. Watermarking is a mechanism to, in one embodiment, embed arbitrary data into an 
audio or video signal, where the embedded data is not easily detectible and/or removable from 
the resulting signal. "Individual watermarking" is a process of watermarking a signal for a 
specific content destination 22 (e.g., a content consumer or user) such that the identity of the 
content consumer can be traced back in case the resulting signal is subject to unauthorized 
distribution. The watermarking of the content allows a content distributor 20 (or a content 
provider 16) to associate a specific copy of the content, uniquely watermarked, with a specific 
content destination 22. 

Having performed the operation relating to the content, the conditional access agent 28, 
again within the secure tamper-proof environment, generates a unique user key (Uk), and 
re-encrypts the content with this unique user key. 

As all operations within block 154 are performed within the secure, tamper-proof 
environment, it will be appreciated that the interests of the content provider 16 are well 
protected, and that the product key is not exposed outside the secure environment. Further, only 
an authorized entity (e.g., a specific conditional access agent 28) is authorized to reveal the 
product key within the secure environment as the private key of a secure device of the agent 28 is 
required to decrypt the product key. In this way, the content provider 16 exercises strict and 
rigorous control of which entity is able to decrypt the product key. 

In one exemplary embodiment, at block 156, the content distributor 20, utilizing the 
conditional access agent 28 and within the secure tamper-proof environment, encrypts the 
product key with the unique user key (Uk). The content distributor 20 then also encrypts the 
unique user key with a public key of the content destination 22. At block 158, the content 
distributor 20 transmits the encrypted content, the encrypted product key, and the encrypted 
unique user key to the content consumer at a content destination 22. 

At block 160, the content consumer at the content destination 22 decrypts the unique user 
key utilizing a private key of the secure device 46, then decrypts the product key utilizing the 
unique user key, and finally decrypts the watermarked content utilizing the decrypted product 
key. 

As discussed above, the method 150 is particularly advantageous in that it enables a 
content provider 16 to authorize a specific content distributor 20 to perform an operation relating 
to the content, and in one embodiment, to contribute to combating unauthorized distribution. Such 
operations may include, for example, watermarking or further encryption of the content. In 
addition to the authorization being specific to a content distributor 20, the method 150 is also 
advantageous in that the operation is performed in a secure, tamper-proof environment within 
which the interests of the content provider 16 are protected and the product key is subject to very 
limited and controlled exposure. 

In this way, a content provider 16 is provided with assurances that distributed secure 
agents (e.g., conditional access agents 28) located at various distribution points operate to protect 
the interests of the content provider 16. The content provider 16 is thus provided with a degree 
of security and assurance regarding operations that are performed by content distributors 20 and 
the content provider 16 is thus likely to entrust distribution of sensitive and very valuable content 
to such a content distributor 20. 

Further, by performing the operation at block 154 (e.g., watermarking or encrypting) 
prior to actual delivery of the content to a consumer (i.e., within the network), the risks of piracy 
are reduced. Upgrades to a secure agent (e.g., the conditional access agent 28) are also more 
easily implemented than upgrades to processes at consumer locations. 

In conclusion, the method 150 enables an association operation (e.g., a watermarking 
process) to be distributed to content distributors 20 located at ISPs and therefore closer to content 
consumers. This is advantageous in that it enables load management. The method 150 also 
addresses a security concern of a content provider 16 arising from the fact that, in order to 
perform certain operations on the content (e.g., a watermarking operation) at a distributor 20, the 
content must "be in the clear" in order to properly perform the operation. The method 150 
addresses this concern by providing a secure environment in which the operation is performed, 
and providing the content provider 16 with control over which content distributors 20 are 
authorized to generate clear content within the secure, tamper-proof environment with the 
purposes of performing such operations. 

Methodology - Variable Key Content Differentiation 

So-called "key hook piracy" occurs when an authorized, but fraudulent, user distributes 
decryption keys, that may be utilized to decrypt content, to unauthorized users. Distributing such 
a single decryption key over networks, such as the Internet, can be done effectively. 
Figures 8A and 8B are block diagrams illustrating, at a high level, a method, according 
to an exemplary embodiment of the present invention, of combating "key hook piracy". With 
specific reference to Figure 8A, the present invention proposes encrypting clear content 24 with 
a relatively large number of session keys 98 to generate encrypted content 26. In one 
embodiment, the session keys 98 comprise a sequence of random, time-varying session keys. 

Figure 8B illustrates further details regarding the distribution of content and the session 
keys 98, according to an exemplary embodiment of the present invention. The content provider 
16 is shown to firstly distribute encrypted content 26 (i.e., clear content 24 encrypted with the 
session keys 98). In one embodiment, the content provider 16 may distribute the encrypted 
content 26 directly to a content destination 22. In an alternative embodiment, the encrypted 
content 26 may be distributed to a local content server 40 at a content distributor 20, and cached 
by the local content server 40 for eventual distribution to a content destination 22. 

The conditional access server 36 at the content provider 16 also operates to encrypt each 
of the session keys of the sequence of the time-varying session keys with a product key (Sp), and 
to distribute the encrypted session keys to the conditional access agent 28, as indicated at 104. 
The conditional access server 36 also operates to encrypt the product key (Sp) with the public key 
of a specific conditional access agent 28, and then to distribute the encrypted product key to the 
specific conditional access agent 28, as indicated in Figure 8B at 106. During delivery to a 
conditional access client 48, the conditional access agent 28 replaces the session keys encrypted 
with the product key (Sp) with session keys encrypted with a unique user key (Uk), instead of the 
product key (Sp). Specifically, prior to delivery to a conditional access client 48, the conditional 
access agent 28 decrypts the encrypted product key received from the conditional access server 
36 utilizing the private key (or secret key) of the conditional access agent 28, decrypts the 
sequence of session keys encrypted with the product key, and then re-encrypts the sequence of 
session keys utilizing the unique user key (Uk). The re-encrypted sequence of session keys is 
then distributed from the conditional access agent 28 to the conditional access client 48, as 
indicated at 108. The conditional access agent 28 also distributes the unique user key (Uk) to the 
conditional access client 48 via a secure authorization channel, as indicated in Figure 8B at 110. 

At the conditional access client 48, the user key (Uk) is utilized to decrypt the re- 
encrypted sequence of session keys, the decrypted session keys then in turn being available to 
decrypt the encrypted content 26. 

It will be appreciated, utilizing the above-described system, the product key (Sp) remains 
protected from access at a content destination 22 as it is only communicated from the conditional 
access server 36 to the conditional access agent 28, and is at no time exposed to the conditional 
access client 48. For additional security, the decrypting of the product key is performed at the 
conditional access agent 28 utilizing a tamperproof device (e.g., a smart card). 

The user key (Uk) is by itself useless to users other than the recipient that receives this 
user key via the secure authorization channel. An authorized user is furthermore discouraged 
from performing "key hook piracy" in that such an authorized user will be required to send all 
session keys to an unauthorized user to enable the unauthorized user to access the encrypted 
content. By generating a large number of session keys, the effort to forward such session keys to 
unauthorized users approaches the effort of forwarding the entire encrypted content. 
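The following Go program is an added worked example of the session-key chain just described (and of the per-block flow of Figures 9 and 10 that follows); it is not code from the patent. It assumes AES-128-GCM for both the content segments and the key wrapping (the text only says "DES, AES or RC4"), constructed sample segments, and randomly generated Sp and Uk. The three roles are separate functions so that the trust boundary is visible: Sp is used only inside ProviderEncrypt and AgentRewrap, and the client never sees it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts pt with AES-128-GCM and prefixes the random nonce (this example's
// choice of cipher; the patent text names DES, AES and RC4 as candidates).
func seal(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; it fails if the key is wrong or the blob was modified.
func open(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

func randomKey() []byte {
	k := make([]byte, 16)
	rand.Read(k)
	return k
}

// ProviderEncrypt plays the content provider / conditional access server 36 (Figure 9,
// blocks 202-206): a fresh session key per segment, each segment sealed under its own
// session key, and each session key sealed under the product key Sp.
func ProviderEncrypt(segments [][]byte, sp []byte) (encSegments, encSessionKeys [][]byte) {
	for _, seg := range segments {
		sk := randomKey()
		encSegments = append(encSegments, seal(sk, seg))
		encSessionKeys = append(encSessionKeys, seal(sp, sk))
	}
	return encSegments, encSessionKeys
}

// AgentRewrap plays the conditional access agent 28 (Figure 10B, block 248): every session
// key is unwrapped with Sp and wrapped again under the user key Uk. Sp stays at the agent.
func AgentRewrap(encSessionKeys [][]byte, sp, uk []byte) ([][]byte, error) {
	out := make([][]byte, 0, len(encSessionKeys))
	for i, wrapped := range encSessionKeys {
		sk, err := open(sp, wrapped)
		if err != nil {
			return nil, fmt.Errorf("session key %d: %w", i, err)
		}
		out = append(out, seal(uk, sk))
	}
	return out, nil
}

// ClientDecrypt plays the conditional access client 48 (blocks 252-254): unwrap each
// session key with Uk, then decrypt the matching segment (same number of each assumed).
func ClientDecrypt(encSegments, userWrappedKeys [][]byte, uk []byte) ([][]byte, error) {
	plain := make([][]byte, len(encSegments))
	for i := range encSegments {
		sk, err := open(uk, userWrappedKeys[i])
		if err == nil {
			plain[i], err = open(sk, encSegments[i])
		}
		if err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	return plain, nil
}

// RoundTrip runs the chain over constructed sample segments and reports whether the
// client recovers them and whether one "hooked" session key opens any other segment.
func RoundTrip() (recovered, leakedKeyOpensOtherSegment bool) {
	segments := [][]byte{[]byte("segment-0"), []byte("segment-1"), []byte("segment-2")}
	sp, uk := randomKey(), randomKey()
	encSegs, encKeys := ProviderEncrypt(segments, sp)
	userKeys, err := AgentRewrap(encKeys, sp, uk)
	if err != nil {
		return false, false
	}
	plain, err := ClientDecrypt(encSegs, userKeys, uk)
	recovered = err == nil && fmt.Sprint(plain) == fmt.Sprint(segments)
	sk0, _ := open(uk, userKeys[0]) // one session key extracted from the client
	_, err = open(sk0, encSegs[1])  // it does not open the next segment
	leakedKeyOpensOtherSegment = err == nil
	return recovered, leakedKeyOpensOtherSegment
}

func main() { fmt.Println(RoundTrip()) }
```

RoundTrip also makes the "key hook" argument concrete: a session key pulled out of the client decrypts exactly one segment, so a pirate must forward as many keys as there are segments.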

Figures 9-10 illustrate a number of flow charts providing further details regarding the 
operations performed at the conditional access server 36, the conditional access agent 28 and the 
conditional access client 48. 

Figure 9 is a flow chart illustrating a method 200, according to an exemplary 
embodiment of the present invention, of encrypting content utilizing a random, time-varying 
sequence of session keys, so as to combat "key hook piracy". The method 200 commences at 
block 202 with the generation, at a conditional access server 36, of a sequence of random, time-
varying session keys 98. As described with reference to Figure 2, the conditional access server 
36 may be deployed at a content provider 16, or at a conditional access service provider 38 that 
is accessed by a content provider 16. 

At block 204, specific content is encrypted utilizing the random, time-varying sequence 
of session keys prior to distribution of the content from a content provider 16. Content is 
typically but not necessarily encrypted using symmetric block or stream ciphers such as DES, 
AES (Rijndael) or RC4. 

At block 206, the conditional access server 36 encrypts each session key with a product 
key (Sp), the product key being uniquely associated with the relevant content. The session key is 
typically but not necessarily encrypted using symmetric block ciphers such as DES or AES 
(Rijndael). 

At block 208, the content provider 16 transmits the encrypted content to a content 
distributor 20, for storage on the local content server 40. Alternatively, the content provider 16 
may, in one embodiment, distribute the encrypted content directly to a content destination 22. 

At block 208, the content provider 16 distributes the encrypted sequence of session keys 
98, as indicated at 104 in Figure 8B, to one or more conditional access agents 28, deployed at 
one or more content distributors 20. 

At block 210, a content distributor 20 stores (or caches) the encrypted content on a local 
content (or media) server 40 that is associated with a conditional access agent 28. 

It will be appreciated that, upon completion of the method 200, a content provider 16 has 
delivered to a content distributor 20 encrypted content that the content distributor 20 is uniquely 
enabled to access. The content distributor 20 is enabled to perform one or more operations with 
respect to the encrypted content and/or the sequence of session keys. 

Figure 9 describes the method 200 whereby a content provider 16 provides encrypted 
content, and an associated sequence of session keys, to a content distributor 20 for caching at the 
content distributor 20. Figures 10A - 10B show a flowchart illustrating a method 220, 
according to an exemplary embodiment of the present invention, of distributing the cached 
content from a content distributor 20 to a content destination 22, responsive to a request for the 
relevant content from the content destination 22. Accordingly, the method 220, in one 
embodiment, assumes that requested content is cached at a local content server 40 of a content 
distributor 20. In an alternative embodiment, the method 220 may be performed where content 
is broadcast in a near real-time manner (e.g., for a live sporting event). 

The method 220 commences at block 222 with the receipt of a request at a conditional 
access agent 28 of a content distributor 20 for content from a conditional access client 48. The 
request includes a user device certificate, issued by a commerce service provider 42 (e.g., a 
payment gateway) to identify the requesting user. The request also includes a copy-protected 
device certificate to identify the viewing device and a client challenge that is used to authenticate 
the agent 28 to the client 48. 

At block 224, the conditional access agent 28 transmits a request to a conditional access 
server 36, associated with a content provider 16 that is an owner or provider of the requested 
content, for (1) the product key (Sp) with which to decrypt the content and (2) rule information or 
access criteria, associated with the requested content. 

At block 226, the conditional access server 36 verifies regional constraints associated 
with the content in order to return the appropriate access criteria. Specifically, access criteria 
may differ by region, and accordingly per conditional access agent 28. 

At block 228, the conditional access server 36 encrypts the product key with a public key 
of a secure device associated with the requesting conditional access agent 28, thereby ensuring 
that only the specific conditional access agent 28 is able to access the product key. 

At block 230, the conditional access server 36 attaches a signature to the rule 
information, or access criteria, and to the encrypted product key, to thereby cryptographically 
bind the access criteria with the product key. 

At block 232, the conditional access agent 28 receives the access criteria and product 
key, and verifies the signature of the access criteria and the product key utilizing a supplied 
certificate for the conditional access server 36, which is signed by a trusted third party. The 
public key of the trusted third party is well known and, in one embodiment, embedded within the 
conditional access agent 28. 

At block 234, the conditional access agent 28 requests and receives from the commerce 
service provider 42 secured device information (e.g., a purse value, date of birth, regional control 
information, etc.). This secure device information pertains to the secure device 46 of the content 
consumer and is signed by the commerce service provider 42. 

At block 236, the conditional access agent 28 requests and receives subscription 
information from the conditional access server 36, this subscription information again being 
signed by the conditional access server 36. 

At block 238, the conditional access agent 28 constructs an order request utilizing the 
acquired information (e.g., the secure device information, access criteria and subscription 
information), signs the order request, and communicates the order request to the conditional 
access client 48 associated with the content destination. 
At block 240, the conditional access client 48 verifies the signature of the conditional 
access agent 28, confirms the order request, and signs and returns an order confirmation to the 
conditional access agent 28. 

Turning now to Figure 10B, at block 242, the conditional access agent 28 verifies the 
collected data (e.g., access criteria, user signature, user device certificate, copy-protected device 
certificate, subscriptions, current purse levels and user date of birth) within a physically secure 
environment implemented at the content distributor 20. 

At block 244, the conditional access agent 28 creates a secure session with the 
conditional access client 48, and generates a unique user key. 

At block 246, the conditional access agent 28 encrypts the unique user key with (1) the 
public key of a copy-protected device or (2) a public key of the secure device 46 associated with 
a content consumer at the content destination 22. 

At block 248, the conditional access agent 28 processes the encrypted session keys 98 
associated with the content, the sequence of encrypted session keys 98 having been received at 
the conditional access agent 28 at block 208 of the method 200 described above with reference to 
Figure 9. Specifically, at block 248, each session key, as encrypted with the product key, is 
decrypted and then re-encrypted with the unique user key. As will be recalled, the product key 
was encrypted with the public key of the conditional access agent 28, and communicated to the 
conditional access agent 28 at block 228 shown in Figure 10A. The personal re-encryption of the 
sequence of session keys utilizing the unique user key is useful in that it requires a "hacker" to 
redistribute the entire sequence of session keys. 

At block 250, the conditional access agent 28 transmits the sequence of session keys 
encrypted with the unique user key to the conditional access client 48 at the content destination 
22. 

At block 252, the conditional access client 48 decrypts the sequence of session keys, 
utilizing the unique user key, which was received by the conditional access client 48 at block 256 
from the agent 28. 

At block 254, the conditional access client 48 then decrypts the encrypted content 
utilizing the decrypted session keys. 
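The exchange of blocks 228 to 232 above, written out as an added Go example (not code from the patent): the conditional access server wraps the product key to the agent's public key and signs the access criteria together with the wrapped key, and the agent refuses to unwrap anything whose binding signature does not verify. RSA-OAEP, RSA-PSS and a length-prefixed encoding of the signed fields are this example's choices; the server certificate chain (block 232) is assumed already validated, so serverPub is passed in directly, and the keys, product key and JSON-style criteria are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Offer is what the conditional access server 36 returns to an agent 28 (blocks 228-230):
// the product key wrapped to the agent's secure device, the access criteria in the clear,
// and one signature over both so that neither can be swapped or edited independently.
type Offer struct {
	Criteria   []byte
	WrappedKey []byte
	Signature  []byte
}

// bindingMessage is what gets signed: length-prefixed (criteria, wrapped key), so that
// moving bytes from one field into the other changes the signed string.
func bindingMessage(criteria, wrapped []byte) []byte {
	var msg []byte
	for _, part := range [][]byte{criteria, wrapped} {
		msg = binary.BigEndian.AppendUint32(msg, uint32(len(part)))
		msg = append(msg, part...)
	}
	return msg
}

// ServerIssue: encrypt Sp to the agent's public key (block 228), then sign criteria and
// wrapped key together with the server's private key (block 230).
func ServerIssue(serverPriv *rsa.PrivateKey, agentPub *rsa.PublicKey, sp, criteria []byte) (Offer, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agentPub, sp, []byte("product-key"))
	if err != nil {
		return Offer{}, err
	}
	digest := sha256.Sum256(bindingMessage(criteria, wrapped))
	sig, err := rsa.SignPSS(rand.Reader, serverPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return Offer{}, err
	}
	return Offer{Criteria: criteria, WrappedKey: wrapped, Signature: sig}, nil
}

// AgentAccept: verify the binding signature first (block 232) and only then unwrap Sp.
// serverPub stands for the key taken from a server certificate that the agent has already
// validated against its embedded trusted-third-party key (certificate handling not modeled).
func AgentAccept(agentPriv *rsa.PrivateKey, serverPub *rsa.PublicKey, o Offer) ([]byte, error) {
	digest := sha256.Sum256(bindingMessage(o.Criteria, o.WrappedKey))
	if err := rsa.VerifyPSS(serverPub, crypto.SHA256, digest[:], o.Signature, nil); err != nil {
		return nil, errors.New("access criteria / product key binding failed verification")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, agentPriv, o.WrappedKey, []byte("product-key"))
}

// Demo: an honest offer is accepted; an offer whose criteria were relaxed in transit is
// rejected before Sp is touched; an offer addressed to another agent cannot be unwrapped.
func Demo() (honestOK, tamperedRejected, otherAgentRejected bool) {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	agentKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherAgentKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	sp := []byte("0123456789abcdef")                  // constructed 128-bit product key
	criteria := []byte(`{"region":"EU","min_age":18}`) // constructed access criteria

	offer, err := ServerIssue(serverKey, &agentKey.PublicKey, sp, criteria)
	if err != nil {
		return false, false, false
	}
	got, err := AgentAccept(agentKey, &serverKey.PublicKey, offer)
	honestOK = err == nil && string(got) == string(sp)

	tampered := offer
	tampered.Criteria = []byte(`{"region":"EU","min_age":0}`)
	_, err = AgentAccept(agentKey, &serverKey.PublicKey, tampered)
	tamperedRejected = err != nil

	_, err = AgentAccept(otherAgentKey, &serverKey.PublicKey, offer)
	otherAgentRejected = err != nil
	return honestOK, tamperedRejected, otherAgentRejected
}

func main() { fmt.Println(Demo()) }
```

The order of operations in AgentAccept is the point: signature verification happens before any private-key operation, so a forged or edited offer never reaches the agent's secure device.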

Conditional Access Service Provider 38 

According to a further aspect of the present invention, and as described briefly above 
with reference to Figure 2, a pay media conditional access service provider 38 operates to 
provide "outsourced" content security function to multiple content providers 16. Utilization of 
security functions provided by such a service provider 38 may be attractive to content providers 
16, as the setup, maintenance and operational costs associated with providing such security 
functions in-house (e.g., by operating an in-house conditional access server 36) may be high for a 
single content provider 16. 
The content security functions, according to an exemplary embodiment of the present 
invention, that may be provided by a conditional access service provider 38 include the secure 
storage and distribution of content encryption keys and associated access criteria (or rules), and 
also the provision of a secure and scalable key distribution system that is able to manage a 
potentially large number of content consumers. 

Figure 11 is a block diagram illustrating a pay media conditional access service provider 
38, according to an exemplary embodiment of the present invention, and shows an interaction of 
the conditional access service provider 38 with multiple content providers 16, as well as one of 
multiple conditional access agents 28. At a high level, content is encrypted at either the content 
provider 16 or alternatively at the service provider 38, after which a key and access criteria (or 
rules) are registered with the conditional access service provider 38. The service provider 38 
thereafter assumes responsibility for management of user authentication and key distribution, in 
the manner described below. In this way, conditional access services are provided by the service 
provider 38, instead of the traditional approach that requires a substantial investment from each 
content provider 16. 

As stated above, a number of advantages flow from having multiple content providers 16 
share a common key storage and distribution infrastructure (e.g., the service provider 38). 
However, a number of challenges face such a service provider 38. Specifically, a number of 
security issues require attention to secure product key creation, storage and distribution. 
Exemplary security issues that are addressed by the present invention include: 

1. Random product key generation: It will be appreciated that a product key generated 
by content provider 16, in one embodiment, is random (i.e., approaching a true 
random key) and created in an environment trusted by the content provider 16. 

2. A product key is protected from access by a pay media conditional access provider 38 
while stored in a database maintained by the service provider 38. 

3. A product key is protected during transport between the service provider 38 and the 
content provider 16. 

4. An association of a product key with access criteria (or rules) is restricted to 
authorized users only. 

The specific methodologies by which the above issues are addressed are described in further 
detail below with reference to the flow charts shown in Figures 12 - 15. 

Referring again to Figure 11 by way of architectural description, a pay media conditional 
access service provider 38 is shown to deploy an ASP conditional access server 37, which 
cooperates with a server secure device 39. The conditional access server 37 operates to perform 
substantially the same functions as a conditional access server 36 that may be deployed by a 
content provider 16, and is described above. The server secure device 39 is utilized by the 
conditional access server 37 to provide a secure, tamper-proof environment within which to 
perform certain operations, as will be described in further detail below. 
A conditional access agent 28 is also shown to deploy an agent secure device 29, which is 
similarly used by the agent 28 to provide a secure, tamper-proof environment in which to 
perform certain operations. Each content provider 16 also deploys a provider secure device 17 to 
again provide a secure, tamper-proof environment for certain sensitive operations. 

Figure 12 is a flow chart illustrating a high level method 280, according to an exemplary 
embodiment of the present invention, whereby a conditional access service provider 38 provides 
security functions to multiple parties within a content distribution system 10. 

At block 282, a product key, and optionally the access criteria (or rules), are 
communicated from a content provider 16 to the service provider 38, and specifically to the 
server secure device 39 of the service provider 38. The product key and the access criteria are 
then encrypted, within the server secure device 39 with a storage key, and stored by the 
conditional access server 37. 

At block 284, a secret agent key is communicated from a conditional access agent 28 to 
the server secure device 39 of the service provider 38, encrypted with a storage key within the 
server secure device 39, and stored at the service provider 38. 

At block 286, a content provider 16 distributes content, encrypted with the product key, 
to a local content server 40 of a content distributor 20. As described above, the local content 
server 40 operates to cache the encrypted content, in one exemplary embodiment, for regional 
distribution. As also illustrated in Figure 11, the local content server 40 operates in conjunction 
with a conditional access agent 28 deployed by content distributor 20. 

Returning to Figure 12, at block 288, responsive to a request from a conditional access 
agent 28, the product key, encrypted by the service provider 38 with the secret agent key, is 
communicated to the conditional access agent 28 from the ASP conditional access server 37. 

At block 290, the conditional access agent 28 decrypts the content utilizing the product key, and 
optionally performs a personalization (or association) operation with respect to the content so 
that the content is uniquely associated with a particular content destination 22 (e.g., a particular 
user). This personalization (or association) operation may comprise a watermarking operation to 
watermark the content and thereby generate a derivative of the original content that is unique to 
the relevant content destination 22. 

The personalization (or association) operation may also include re-encrypting the content 
with a unique user key, as described above. 

At block 292, the conditional access agent 28, in conjunction with the local content server 
40, distributes the content to a content destination 22 (e.g., a user). 

Figure 13 is a flow chart illustrating a method 300, according to an exemplary 
embodiment of the present invention, of generating a product key at a content provider 16 and 
storing the product key at a conditional access service provider 38. 

At block 302, a product key is created at the content provider 16 utilizing a random 
number generator 19 and optionally a provider secure device 17, to thereby provide a high 
degree of randomness for the product key. It will be appreciated that a high degree of 
randomness is desirable to provide an increased level of security for the product key. 

At block 304, the product key is encrypted utilizing a public key of the server secure 
device 39 of the pay media conditional access service provider 38. 

At block 306, rule information (e.g., access criteria) associated with the content encrypted 
utilizing the product key is identified. The encrypted product key is then optionally combined 
with this rule information by signing both the product key and the rule information utilizing a 
private key of the content provider 16. 

At block 308, a content provider certificate is attached to the encrypted product key (and 
optionally the combined rule information), and the encrypted product key, rule information, and 
provider certificate are communicated to the ASP conditional access server 37 operated by the 
service provider 38. 

Turning now to activities performed at the service provider 38, at block 310, the ASP 
conditional access server 37 verifies the content provider certificate and signature, and submits 
the encrypted product key to the server secure device 39. 

At block 312, within the secure environment provided by the server secure device 39, the 
encrypted product key is decrypted utilizing the private key of the server secure device 39. It 
will be recalled that the product key was, at block 304, encrypted utilizing the public key of the 
server secure device 39. 

At block 314, the product key is re-encrypted with a symmetric storage key, and stored 
within a server database. Furthermore, within the database 41, the encrypted product key (now 
encrypted with the storage key) is logically linked to the content provider 16 that submitted the 
product key. 

In the event that rule information was submitted in conjunction with the product key, this 
rule information is similarly stored within the database 41, and also linked with the content 
provider and product key within the database 41 . 

By only revealing the product key in the clear within the secure environment provided by 
the server secure device 39, and encrypting the product key with a symmetric storage key prior 
to storing the product key within the database 41, it will be appreciated that access to the product 
key by the pay media conditional access service provider 38 is effectively prevented. The 
storage key is managed by the operator that hosts the conditional access server 37 (such as 
Sentriq) and is cycled on a regular basis for new product keys. The storage key must be securely 
managed since it is used to protect many product keys that in turn can decrypt many content items. 

Figure 14 is a flowchart depicting a method 320, according to an exemplary embodiment 
of the present invention, of distributing an agent secret key from a conditional access agent 28 to 
the ASP conditional access server 37. 

The method 320 commences at block 322, with the receipt at the conditional access agent 
28 of the public key of the server secure device 39. 
At block 324, the agent 28 encrypts an agent secret key utilizing the public key of the 
server secure device 39. The agent secret key is used to secure communication between the 
server 37 and the agent 28. 

At block 326, the agent 28 signs the encrypted agent secret key utilizing the agent secure 
device 29, and the encrypted agent secret key is transmitted to the ASP conditional access server 
37, together with an agent certificate of the agent 28. 

Turning now to activities performed by the ASP conditional access server 37, at block 
328, the conditional access server 37 verifies the agent certificate and signature and, at block 
330, submits the encrypted agent secret key to the server secure device 39. 

At block 332, the server secure device 39 operates to decrypt the agent key within a secure 
environment, and then re-encrypt the agent secret key utilizing the symmetric storage key. The 
re-encrypted agent key (encrypted utilizing the storage key) is stored within the database 41, and 
logically linked to an associated conditional access agent 28. 

Figure 15 is a flow chart illustrating a method 340, according to an exemplary 
embodiment of the present invention, of product key distribution from the conditional access 
service provider 38 to a conditional access agent 28. 

At block 342, a conditional access agent 28 issues a request for a product key to the ASP 
conditional access server 37. This request may be for license generation purposes, or for the 
purpose of decrypting content, stored at local content server 40 in order to perform an association 
operation on clear content, or merely to distribute the clear content to a content destination 22. 

At block 344, the server 37 transmits the encrypted product key (encrypted with the 
symmetric storage key) and the encrypted agent secret key (again encrypted with the symmetric 
storage key) to the server secure device 39. 

At block 346, the server secure device 39, within a secure environment, decrypts both the 
product and agent secret keys, so that these keys are only in the clear within the secure 
environment. 

At block 348, the server secure device 39 then encrypts the product key with the agent 
secret key. 

At block 350, the server secure device 39 returns the encrypted product key (encrypted 
with the agent secret key) to the ASP conditional access server 37. At block 352, the ASP 
conditional access server 37 transmits the encrypted product key to the requesting conditional 
access agent 28. 

At block 354, the conditional access agent 28 receives the encrypted product key and 
decrypts the encrypted product key utilizing the agent secure device 29. 

Having now revealed the product key within a secure environment, the conditional access 
agent 28 may perform any one of a number of operations. In one embodiment, the conditional 
access agent 28 may, within the secure environment provided by the agent secure device 29, 
re-encrypt the product key with a secure device key of a secure device 46 at a content destination 22, 
and communicate the re-encrypted product key (encrypted with a key for the secure device 46) to 
a content destination 22. Alternatively, the conditional access agent 28 that utilized the 
decrypted product key to generate clear content then performs one or more operations relating to 
the clear content. For example, the clear content may be communicated directly to content 
destination 22, may be watermarked and/or may be re-encrypted with a unique user key, before 
delivery to a content destination 22. 

As described above, a content provider 16 may optionally submit rules (i.e., access 
criteria) to the pay media conditional access service provider 38 for controlling access to a 
particular content. To this end, the ASP conditional access server 37 may require a valid digital 
signature of the rule information, generated utilizing the provider secure device 17 operated by 
the content provider 16. The signed rule information may also include a recent time stamp in 
order to prevent replay. In an alternative embodiment, the content provider 16 may include a 
challenge (generated by the ASP conditional access server 37) in a rule change request. 

In one embodiment, the pay media conditional access service provider 38 may also 
permit entities other than the content provider 16 to change or specify rule information, 
associated with a particular product key, as stored within the database 41. Specifically, the 
service provider 38 may provide the ability to configure the rights of certain content providers 
16. This functionality allows a content provider 16a to modify rule information associated with a 
product key that was registered by another content provider 16n. Further, this functionality 
allows a content provider 16a to introduce alternative rules for a product key that was previously 
registered by a further content provider 16n. The pay media conditional access provider 38, in 
one embodiment, provides the following functions: 

(1) Registration of a content item, and an associated product key, by a specific 
content provider 16. 

(2) Linking of a product key, associated with a particular content item, to 
additional, new rule information, and modification of the rule information for 
product keys associated with a particular content provider. 

(3) Registration of a new content item utilizing the same product key that is 
already associated with a further, already registered content item. However, 
the new content item, while being registered with an already registered 
product key, may be registered with different rule information. 

In summary, the rights of each content provider 16 are stored and managed by the pay 
media conditional access provider 38. A content provider 16 may be authorized to register 
content items for one or more content providers (e.g., content providers 16a, 16b and 16c). The 
same content provider 16a may be authorized to update rules for content providers 16b and 16d. 
Finally, for example, content provider 16b may be authorized to create new content items, 
utilizing a pre-registered product key of a content item registered by further content providers 16c 
and 16f. 
Separating User Authentication and Content Security 

As described above, current hardware-based content security solutions are based on 
combining (1) user authentication and (2) content security into a single module (e.g., a smart 
card). However, this lack of differentiation between copy-protected device authentication and 
specific user authentication can be undesirable in certain circumstances. For example, it does not 
necessarily allow user mobility across multiple copy-protected devices (e.g., copy-protected personal 
computers or STBs). Accordingly, a specific user is typically only able to access restricted 
content via a specific copy-protected device purchased by that user, and into which user 
authentication information is integrated. For example, an authorized user is currently not able to 
utilize a STB, owned by a friend or relative that the user may be visiting, to view content to 
which the relevant user is a subscriber. 

According to one aspect of the present invention, this problem may be addressed by 
logically separating user authentication functionality from content security (i.e., copy-protected 
device authentication) functionality. To this end Figure 16 is a block diagram illustrating a 
system 400, according to an exemplary embodiment of the present invention, that provides a 
product key to access content upon receipt and verification of two separate certificates, namely a 
first user device certificate for user authentication and a second secure copy-protected device 
certificate for content security authentication. More specifically, the system 400 includes a 
secure conditional access agent 28 that communicates, as described above, with a conditional 
access client 48. The conditional access client 48, in turn, accesses a secure user authentication 
device 402 (e.g., a PKI token, smart card or SIM card) and a secure copy-protected device 408 
(e.g., a software based tamperproof decoder or hardware based set top box decoder). 

The secure user authentication device 402 is, it will be appreciated, associated with a 
user, and is thus typically portable and carried on the person of a user. The secure 
copy-protected device 408, on the other hand, is associated with a device within which the ability to 
copy a content is disabled (or restricted). Accordingly, the secure copy-protected device 408 is 
typically embedded within, or integrally formed with, a viewing device (e.g., a PC or STB). 

Each of the secure user authentication and secure copy-protected devices 402 and 408 is 
shown to include a respective device certificate 404 and 410, and a device public key 406 and 
412. 

Figure 17 is a flow chart illustrating a method 420, according to an exemplary 
embodiment of the present invention, to secure content for distribution via a network 18 by 
employing separate user device and copy-protected device authentication processes to protect 
content from unauthorized access. At a high level, the method 420 includes associating a user 
device authentication process with content, and associating a separate, copy-protected device 
authentication process with the content. 

Referring to Figure 17, the method 420 commences at block 422 with the receipt by the 
conditional access client 48 of a signature and certificate 404 associated with the secure user 
authentication device 402. The conditional access client 48 then forwards the user device 
signature and certificate 404 to the secure conditional access agent 28. At block 424, the 
conditional access client 48 receives a signature and certificate 410 associated with the copy-
protected device 408 and transmits the copy-protected device signature and certificate 410 to the 
conditional access agent 28. 

At block 426, the conditional access agent 28 verifies the secure user device signature 
and certificate 404 in a first user device authentication process. At block 428, the conditional 
access agent 28 verifies user credentials against access criteria (or rule information) associated 
with content requested by the conditional access client 48. The requested content, it will be 
appreciated, is presented to an authenticated user via the authenticated copy-protected device 
408. 

At block 430, the conditional access agent 28 verifies the certificate 410 of the secure 
copy-protected device 408. At block 432, assuming the verification operations performed at 
blocks 426-430 are successfully completed, the conditional access agent 28 proceeds to encrypt 
the requested content with a public key of the copy-protected device 408. At block 434, the 
conditional access agent 28 authorizes transmission of the encrypted content to the conditional 
access client 48 for delivery to the secure copy-protected device 408. 

At block 436, the conditional access client 48 initiates decryption of the requested content 
within a secure environment provided by the copy-protected device 408, utilizing a private key (not 
shown) of the copy-protected device 408. 

In conclusion, it will be noted that two separate and distinct authentication processes are 
performed at blocks 426-428 and 430. Further, it will be noted that each of these separate 
authentication processes verify separate and distinct user device and copy-protected device 
information (e.g., separate device certificates). By separating the authentication processes, an 
authorized user, in one exemplary use scenario, is enabled to utilize a copy-protected device of a 
third party to request and view content, for which that particular user is authorized. For example, 
the user authentication device may comprise a smart card, PKI token, SIM card or the like, that 
may be inserted into a personal computer, STB, PDA, cell phone or the like of a third party, thus 
enabling the authorized user to request content via a third party's copy-protected device 408. 

Associating a License with a Particular User 

Content licenses, such as those implemented by Microsoft Windows Media DRM 
technology and Intel ISIS are typically linked in a cryptographic manner to a specific player 
(e.g., a user computer). However, such content licenses are not tied to a particular user, and thus 
can be utilized by any one with access to the relevant player. This situation is undesirable both 
from a content owner (license issuer) as well as a user (license holder) viewpoint. 

At a high level, according to one aspect of the present invention, a method of associating 
a license with a particular user includes encrypting a product key, to be included within a license to 
particular content, with both the public key 412 of the copy-protected device and the public key 
406 of a user authentication device. According to one aspect of the present invention, a method 
of securing content for distribution to a network would include the operations of method 420 
described above with reference to Figure 17, but differ in that at block 432, the conditional 
access agent 28 would encrypt the product key with both the public keys 406 and 412, as 
opposed to only the public key 412. 

Figure 18 is a flow chart illustrating a method 450, according to an exemplary 
embodiment of the present invention, of communicating a product key, encrypted with the public 
keys of both a copy-protected device and a user authentication device to a copy-protected device 
and a user authentication device. In one embodiment, the product key is firstly encrypted 
utilizing the public key of the copy-protected device 408, and then again encrypted with the 
public key 406 of the user authentication device 402. In this embodiment, it will be appreciated 
that, in order for the copy-protected device 408 to access the product key, the copy-protected 
device 408 requires the user authentication device 402 to first decrypt the product key. In order 
to prevent replay attacks, the copy-protected device 408 may append a challenge to the encrypted 
key when requesting the user to decrypt the product key. 

Turning specifically now to the method 450 illustrated in Figure 18, at block 452, a user, 
via integrated or separate user-authentication and copy-protected devices 402 and 408, selects 
particular encrypted content for viewing via the copy-protected device 408. 

At block 454, the copy-protected device 408 loads a content license, associated with the 
requested content and required to decrypt the content. Figure 19 is a diagrammatic 
representation of an exemplary content license 470 that may be loaded at block 454. As 
illustrated, the content license 470 includes a machine identification identifying the copy- 
protected device 408, content identification identifying the requested content, a twice-encrypted 
product key 472, license usage restrictions, a signature of the license issuer, and a certificate of 
the license issuer. 

Returning to Figure 18, at block 456, the copy-protected device 408 detects that the 
product key 472 is encrypted with the public key 406 of the user authentication device 402. This 
is indicated in the license usage restrictions. At block 458, the copy-protected device 408 
appends a random challenge to the encrypted product key 472 and, at block 460, requests the 
user authentication device 402 to decrypt the encrypted product key, and also issues a challenge 
to the user authentication device 402 utilizing the private key (not shown) of the user 
authentication device 402. 

At block 462, the copy-protected device 408 re-encrypts a result returned from the user 
authentication device 402 with the public key 406 of the device 402 to thereby verify the 
challenge. 

At decision block 464, a determination is made as to whether the challenge was 
successfully verified or not. If so, at block 466, the copy-protected device 408 decrypts the 
encrypted product key utilizing the private key of the copy-protected device 408 to reveal the 
product key. At block 468, the copy-protected device 408 then utilizes the revealed product key 
to decrypt the requested content. 
The above-described aspect of the present invention may be utilized in one exemplary 
use scenario to secure highly confidential data that is delivered to, and stored on, a 
copy-protected device 408 (e.g., a user's computer). Depending upon the user's authentication 
mechanism, a user may be required to utilize a hardware PKI token to authenticate the user to the 
copy-protected device 408 prior to obtaining access to the encrypted content. 
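As an added example (not part of the patent's disclosure), the following Go program models the exchange of Figure 18 with RSA-OAEP for the two encryption layers. The page says the copy-protected device verifies the challenge by re-encrypting the answer with public key 406; because OAEP encryption is randomized that comparison is not possible literally, so the example has the user authentication device sign (inner ciphertext || challenge) and the copy-protected device verify that signature with public key 406. Key sizes, device names and the sample product key are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device stands in for either the copy-protected device 408 or the user
// authentication device 402 of Figure 18; each holds its own RSA key pair.
type Device struct {
	Name string
	priv *rsa.PrivateKey
}

func NewDevice(name string, bits int) *Device {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return &Device{Name: name, priv: k}
}

func (d *Device) Public() *rsa.PublicKey { return &d.priv.PublicKey }

// TwiceEncryptProductKey is the license issuer's step: the product key is
// encrypted to the copy-protected device (public key 412) and the resulting
// ciphertext is encrypted again to the user authentication device (public key
// 406). The outer RSA key must be large enough to wrap the inner ciphertext.
func TwiceEncryptProductKey(productKey []byte, copyPub, userPub *rsa.PublicKey) ([]byte, error) {
	inner, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, copyPub, productKey, nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, inner, nil)
}

// answerDigest binds the user device's answer to one specific challenge.
func answerDigest(inner, challenge []byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, inner...), challenge...))
	return d[:]
}

// UnwrapForCopyDevice is the user authentication device's side of block 460:
// it strips the outer layer with its private key and signs (inner ciphertext ||
// challenge) so the copy-protected device can check the answer is fresh.
func (u *Device) UnwrapForCopyDevice(twice, challenge []byte) (inner, sig []byte, err error) {
	inner, err = rsa.DecryptOAEP(sha256.New(), nil, u.priv, twice, nil)
	if err != nil {
		return nil, nil, err
	}
	sig, err = rsa.SignPSS(rand.Reader, u.priv, crypto.SHA256, answerDigest(inner, challenge), nil)
	return inner, sig, err
}

// VerifyAnswer is the check of blocks 462-464 using public key 406: an answer
// recorded for an earlier challenge does not verify against a new one.
func VerifyAnswer(userPub *rsa.PublicKey, inner, challenge, sig []byte) error {
	if err := rsa.VerifyPSS(userPub, crypto.SHA256, answerDigest(inner, challenge), sig, nil); err != nil {
		return errors.New("block 464: challenge verification failed")
	}
	return nil
}

// RecoverProductKey is the copy-protected device's side of blocks 458-466: it
// draws a random challenge, sends the twice-encrypted key and the challenge to
// the user device, verifies the answer, and only then removes the inner layer
// with its own private key (block 466).
func (c *Device) RecoverProductKey(twice []byte, user *Device) ([]byte, error) {
	challenge := make([]byte, 16)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}
	inner, sig, err := user.UnwrapForCopyDevice(twice, challenge)
	if err != nil {
		return nil, err
	}
	if err := VerifyAnswer(user.Public(), inner, challenge, sig); err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, c.priv, inner, nil)
}

func main() {
	copyDev := NewDevice("copy-protected device 408", 2048)
	userDev := NewDevice("user authentication device 402", 3072) // must wrap a 256-byte inner ciphertext
	productKey := []byte("constructed-32-byte-product-key!")     // constructed sample key
	twice, err := TwiceEncryptProductKey(productKey, copyDev.Public(), userDev.Public())
	if err != nil {
		panic(err)
	}
	got, err := copyDev.RecoverProductKey(twice, userDev)
	fmt.Println("recovered product key matches:", err == nil && bytes.Equal(got, productKey))
}
```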

License Generation Utilizing Symmetric Keys 

As noted above, the signing of content licenses utilizing a private key operation is 
computationally expensive when a large number of simultaneous transactions are required (e.g., 
when the content is a live, broadcast event). Additionally, the operational costs of managing 
private keys, and associated certification authorities may be high. 

With a view to addressing the above-identified problems, the present invention proposes, in 
one exemplary embodiment, signing a license utilizing a secret symmetric key. In one 
embodiment, the secret symmetric key comprises a product key that encrypts content to which 
the license pertains. In an alternative embodiment, the symmetric key constitutes a key that is 
utilized to encrypt a product key that is in turn utilized to encrypt the content. 

Signing a content license utilizing a symmetric key is advantageous in that the 
computational costs of a symmetric key operation are substantially less than the computational 
costs of a private key operation. In this manner, the present invention allows a content 
distribution infrastructure to generate an increased number of licenses in a potentially shorter 
time period. A further benefit is that the additional costs of managing a public key infrastructure 
are substantially avoided, as in the embodiment where the symmetric key constitutes a product 
key, this product key is known to the license issuer anyway as a license will typically include 
such a product key. 

Signing licenses with a symmetric key (e.g., the product key) rather than a private key 
allows anyone with access to the product key to create licenses, rather than restricting the 
creation of licenses to certified license issuers. 

Figure 20 is a flow chart illustrating a method 480, according to an exemplary 
embodiment of the present invention, of signing a content license utilizing a symmetric key. 

At block 482, a content license is generated at a content provider 16. At block 484, the 
content provider 16 then signs the content license utilizing a symmetric key. In one 
embodiment, the symmetric key comprises a product key with which content, associated with the 
content license, is encrypted. In an alternative embodiment, the symmetric key is a symmetric 
key that the content provider 16 utilized to encrypt a product key that was utilized to encrypt the 
associated content. 

At block 486, the content provider 16 proceeds to encrypt the content, to which the 
content license pertains, with the symmetric product key. 
At block 488, the content provider 16 then distributes the content, and the associated 
content license, to a recipient (e.g., to a content distributor 20, or directly to a content destination 
22). 

At block 490, the content provider 16 distributes the symmetric product key to a recipient 
(e.g., a content distributor 20 or a content destination 22). The distribution of the symmetric key 
may be according to any one of the methodologies discussed. For example, the symmetric key 
may be encrypted utilizing the public key of a copy-protected device 408 associated with the 
recipient. 

At block 492, the recipient verifies the content license utilizing the symmetric key. For 
example, the recipient may decrypt the product key utilizing a private key for a copy-protected 
device 408 associated with the recipient, and then utilize the decrypted product key to verify the 
content license. 

Having verified the content license at block 494, the recipient may then optionally 
decrypt the content utilizing the symmetric product key. 

Figure 21 is a diagrammatic representation of a content license 496, according to an 
exemplary embodiment of the present invention. As illustrated, the content license 496 is signed 
utilizing digital signature 498 in the form of a symmetric key. In one embodiment, the symmetric 
key is a product key with which associated content is encrypted. The content license 496 is 
shown to include substantially the same information as the content license 470 shown in Figure 
19, but differs in that the license 496 is signed by the product key, as opposed to being signed by 
a license issuer. 

Figure 22 is a flowchart providing furttier details regarding a method, according to an 
exemplary embodiment of the present invention, of generating the digital signature 498 for a 
license 496 utilizing a symmetric key (e.g., a product key). 

As illustrated in Figure 22, the license 496 is subject to a hash function 510 to generate a 
hash result 512. The hash result 512 and a symmetric key in the exemplary form of a product 
key 500 provide input to a signature function 514 that generates a digital signature 498 for the 
license 496 from these two inputs. 

Figure 23 is a flowchart illustrating a method, according to an exemplary embodiment of 
the present invention, of verifying a content license 496, utilizing a digital signature 498 
generated utilizing a symmetric key (e.g., a product key). 

The license 496 is again subject to the hash function 510 to regenerate the hash result 512. A 
verification function 516 receives the three inputs, namely the hash result 512, the symmetric key 
500 and the digital signature 498. As the digital signature 498 was generated utilizing the 
symmetric key 500, the verification function 516 is able to verify the content license 496 
utilizing these three inputs. 
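An added example, not code from the patent, of Figures 22 and 23 in Go: hash function 510 is SHA-256 over a canonical serialization of the license fields, signature function 514 is HMAC-SHA256 keyed with the product key, and verification function 516 recomputes and compares the tag in constant time. The field layout and the sample license values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// License mirrors the fields of content license 470/496 that the signature
// covers; no issuer certificate is present, since the product key itself
// stands in for the issuer in this embodiment.
type License struct {
	MachineID    string   // identifies the copy-protected device
	ContentID    string   // identifies the content
	Restrictions []string // license usage restrictions
	Signature    []byte   // digital signature 498
}

// canonical serializes the signed fields unambiguously (length-prefixed) so
// that issuer and recipient hash exactly the same bytes.
func canonical(l License) []byte {
	var b []byte
	add := func(s string) { b = append(b, fmt.Sprintf("%d:%s;", len(s), s)...) }
	add(l.MachineID)
	add(l.ContentID)
	add(fmt.Sprint(len(l.Restrictions)))
	for _, r := range l.Restrictions {
		add(r)
	}
	return b
}

// signatureFunction implements signature function 514: HMAC-SHA256 keyed
// with the symmetric key, taken over hash result 512.
func signatureFunction(hashResult, symmetricKey []byte) []byte {
	mac := hmac.New(sha256.New, symmetricKey)
	mac.Write(hashResult)
	return mac.Sum(nil)
}

// SignLicense is blocks 482-484 / Figure 22: hash function 510 over the
// license, then the signature function keyed with the product key.
func SignLicense(l *License, productKey []byte) {
	hashResult := sha256.Sum256(canonical(*l)) // hash result 512
	l.Signature = signatureFunction(hashResult[:], productKey)
}

// VerifyLicense is block 492 / Figure 23: verification function 516 takes the
// regenerated hash result, the symmetric key and the signature. hmac.Equal
// compares in constant time so a forged tag is not rejected byte by byte.
func VerifyLicense(l License, productKey []byte) bool {
	hashResult := sha256.Sum256(canonical(l))
	return hmac.Equal(signatureFunction(hashResult[:], productKey), l.Signature)
}

func main() {
	productKey := []byte("constructed-32-byte-product-key!") // constructed sample key
	lic := License{MachineID: "device-408", ContentID: "event-live-001",
		Restrictions: []string{"play-only", "expires:2000-12-31"}}
	SignLicense(&lic, productKey)
	fmt.Println("verifies:", VerifyLicense(lic, productKey))

	tampered := lic
	tampered.Restrictions = []string{"unrestricted"}
	fmt.Println("tampered verifies:", VerifyLicense(tampered, productKey))
}
```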
Geographic Control of Content Distribution 

It is desirable to provide a content provider 16 with geographic control over the distribution 
of content for a number of reasons. For example, a content provider 16 may wish to distribute a 
live event over the Internet worldwide, but need to block certain countries (e.g., for reasons of 
exclusive broadcasting rights having been sold to broadcasters in those regions). According to 
one aspect of the present invention, there is provided a method and system to provide content 
providers 16 with secure geographic distribution control. 

At a high level, the present invention proposes that content providers 16 encrypt content 
before distribution over a network (e.g., the Internet). In order to view the encrypted content, a 
content destination 22 will need to retrieve the encrypted content and the associated encryption 
key (or keys). Prior to communicating such encryption keys and content, according to one 
aspect of the present invention, a user and/or a copy-protected device are authenticated with 
secure hardware devices (e.g., PKI-enabled hardware devices such as smart cards or USB 
eTokens). Once a user or copy-protected device has been identified, a number of geographic 
location checks are then performed against geographic access criteria to determine whether or 
not to release content to a requesting content destination 22. 

Figure 24 is a flowchart illustrating a method 550, according to an exemplary 
embodiment of the present invention, of distributing content via a network (e.g., the Internet) in a 
geographically controlled manner. The method 550 commences at block 552 with the receipt of 
a request from a content requestor located at a content destination 22 for delivery of content via a 
network to the content destination 22. The request may, for example, be received at conditional 
access agent 28, as illustrated in Figure 2 from a conditional access client 48, located at the 
content destination 22. As described above with reference to Figure 16, the request to the 
conditional access agent 18 may include both a user authentication device certificate 404 and a 
copy-protected device certificate 410. 

At block 554, the conditional access agent 28, in the manner described above, retrieves 
access criteria associated with the requested content from an appropriate conditional access server 
36 operated by a content provider 16, or by a service provider 38. The retrieved access criteria 
includes geographic access criteria specifying geographic regions (e.g., countries, states, 
provinces, counties, towns, municipal areas, etc.) and access conditions associated with those 
geographic regions. For example, the geographic access criteria may prohibit, or alternatively 
authorize, distribution of the associated content to a specific geographic region or regions. For 
the purposes of the present specification the term "geographic location" shall be taken to include 
any geographic location identifiable by any criteria, including national, state, municipal, city, 
town, economic, demographic, historical, or a socio-economic criteria. 

At block 554, the conditional access agent 28 also commences a content requestor 
authentication process that, in one embodiment, includes performing a lookup to determine the 
physical delivery address of the copy-protected device 408 utilizing the copy-protected device 
certificate. In an alternative embodiment, at block 554, the conditional access agent 28 may 
perform a lookup of the delivery address of the user authentication device 402, utilizing 
information contained in the user device certificate 440. In yet a further embodiment, the 
conditional access agent 28 may lookup the delivery addresses for both the copy-protected and 
the user authentication devices. The delivery address information may be included in the 
certificate, or stored in the network as information linked with the user and/or device. 

At block 556, the conditional access agent 28 determines the source IP address of the 
request received from the content requestor at the content destination 22, and attempts to map the 
source IP address to a geographic location. To this end, the conditional access agent 28 may 
have access to an external geographic location service, such as those offered by Quova, Inc., or 
Digital Envoy, Inc. that provide sophisticated IP geographic location services. 

At block 558, the conditional access agent 28 examines the geographic access criteria, 
included in the access criteria retrieved from the conditional access server 36. 

At decision block 560, the conditional access agent 28 makes a determination as to 
whether the delivery address (or addresses) determined at block 554 and/or the geographic 
location associated with the source IP address determined at block 556 comply with the 
geographic access criteria. Following a positive determination at decision block 560, the 
conditional access agent 28 releases the requested content, stored on the local content server 40 
for delivery to the content destination 22 of the content requestor. On the other hand, following 
a negative determination at block 560, delivery of the requested content to the content requestor 
at the content destination 22 is blocked. 

It will be appreciated that the above-described methodology may find broad application 
in digital rights management and exercising geographic control over content distribution. For 
example, a content provider 16 (or distributor 20) may distribute USB eTokens in the U.S.A. for 
immigrants that wish to access sports events broadcast over the Internet from a country of origin. 
The sports clubs (e.g., the content providers 16) can, utilizing the above method 550, verify that 
a content requestor is located at a content destination 22 in the U.S.A. by verifying the content 
requestor's digital certificate and signature, before distributing encrypted content and an appropriate 
key. 

By checking that both the delivery address of a user authentication or copy-protected 
device, and the source IP address of a content request are located within an authorized 
geographic location, the present invention seeks to prevent a user from utilizing a secure device, 
properly authorized, within an unauthorized geographic location. Specifically, the IP source 
address check decreases the ability of a fraudulent user to access content from a "blocked" 
geographic location. Content and keys are only delivered if a user has access to a user 
authentication and/or copy-protected device that is not officially distributed to any blocked 
region, and the source IP address of the content requestor is not mapped to any blocked region. 
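An added example, not from the patent, of decision block 560 in Go: each location the agent could determine (the delivery address from the device certificate lookup at block 554 and the region mapped from the source IP at block 556) is checked against criteria that either prohibit or authorize listed regions, and a source IP that cannot be mapped blocks delivery. The CIDR-to-region table stands in for a commercial geolocation service and, like the region codes, is constructed.

```go
package main

import (
	"fmt"
	"net"
)

// GeoCriteria is the geographic access criteria retrieved at block 554: a
// list of regions that the content provider either prohibits or authorizes.
type GeoCriteria struct {
	Authorize bool     // true: only listed regions may receive content; false: listed regions are blocked
	Regions   []string // constructed region codes such as "US" or "GB"
}

// Request carries what the conditional access agent learns at blocks 554-556.
type Request struct {
	DeviceDeliveryRegion string // delivery address from the copy-protected device certificate lookup
	UserDeliveryRegion   string // delivery address from the user authentication device lookup; "" if unused
	SourceIP             string // source IP address of the content request
}

// GeoEntry is one row of a constructed CIDR-to-region table standing in for
// an external IP geolocation service.
type GeoEntry struct {
	block  *net.IPNet
	region string
}

func BuildGeoTable(entries map[string]string) []GeoEntry {
	var table []GeoEntry
	for cidr, region := range entries {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			panic(err)
		}
		table = append(table, GeoEntry{n, region})
	}
	return table
}

// RegionForIP maps a source IP to a region (block 556); ok is false when the
// address is malformed or no table entry covers it.
func RegionForIP(table []GeoEntry, ip string) (region string, ok bool) {
	addr := net.ParseIP(ip)
	if addr == nil {
		return "", false
	}
	for _, e := range table {
		if e.block.Contains(addr) {
			return e.region, true
		}
	}
	return "", false
}

// complies checks one region against the criteria (block 558).
func complies(region string, c GeoCriteria) bool {
	listed := false
	for _, r := range c.Regions {
		if r == region {
			listed = true
		}
	}
	return listed == c.Authorize
}

// Decide is decision block 560: every location the agent could determine must
// comply, and a source IP that cannot be mapped blocks delivery rather than
// being ignored, so an unknown location never slips past the check.
func Decide(req Request, c GeoCriteria, table []GeoEntry) (release bool, reason string) {
	ipReg, ok := RegionForIP(table, req.SourceIP)
	if !ok {
		return false, "source IP could not be mapped to a geographic location"
	}
	checks := []struct{ name, region string }{
		{"device delivery address", req.DeviceDeliveryRegion},
		{"user delivery address", req.UserDeliveryRegion},
		{"source IP location", ipReg},
	}
	for _, ch := range checks {
		if ch.region != "" && !complies(ch.region, c) {
			return false, fmt.Sprintf("%s %q violates the geographic access criteria", ch.name, ch.region)
		}
	}
	return true, "all determined locations comply; content released"
}

func main() {
	// Constructed table using documentation address ranges.
	table := BuildGeoTable(map[string]string{"203.0.113.0/24": "US", "198.51.100.0/24": "GB"})
	blockGB := GeoCriteria{Authorize: false, Regions: []string{"GB"}} // rights sold exclusively in GB
	fmt.Println(Decide(Request{DeviceDeliveryRegion: "US", SourceIP: "203.0.113.9"}, blockGB, table))
	fmt.Println(Decide(Request{DeviceDeliveryRegion: "US", SourceIP: "198.51.100.7"}, blockGB, table))
}
```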
Dynamic Selection of Payment Gateways 

Traditional Internet-based payment solutions may require a user to provide financial 
information to companies with which they do not have a trust relationship, and also to provide 
financial information to a wide range of content providers 16 from which the user may wish to 
obtain content. This potentially creates barriers to entry for a user. 

According to one aspect of the present invention, these problems are addressed by having a 
content provider 16, and more specifically a conditional access server 36, order a list of payment 
gateways through which the content provider 16 will accept payment such that a preferred 
payment gateway is highly ranked in the ordered list, and a least preferred payment gateway is 
ranked low within the ordered list. 

Upon receiving a user request for access to content of a particular content provider 16 at a 
conditional access agent 28, the conditional access agent 28 may reorder (or re-rank) the list of 
accepted gateways to leverage existing trust relationships between the content requestor and, for 
example, a content distributor 20 hosting the conditional access agent 28. In one embodiment, 
the list of payment gateways presented by the conditional access agent 28 to the content 
requestor is dictated by the content provider 16. The content distributor 20 is not authorized to 
add payment gateways to this list, but merely to reorder the list to reflect an existing trust 
relationship that the content requestor may have established. In an alternative embodiment, the 
content distributor 20 may modify a list of payment gateways, by adding or subtracting payment 
gateways to that list. Specifically, the content distributor 20 may have established relationships 
with additional payment gateways that have no relationship with the content provider 16. In this 
case, the content distributor 20 may include such further additional payment gateways in the list 
presented to the content requestor. In this case, the content distributor 20 will assume 
responsibility for the appropriate transfer of the funds to the content provider 16. 

Dealing more specifically with payment gateways, as stated above, a commerce service 
provider 42, such as that illustrated in Figure 2, may act as a payment gateway with respect to a 
content provider 16, a content distributor 20 and/or a content destination 22. For the purposes of 
the present invention, the term "payment gateway" will be taken to include any party that 
acquires transactions from a further party, and processes such transactions through a financial 
system (e.g., a banking or credit card system). Merely for example, a payment gateway may be 
used to link a banking network with the Internet. A payment gateway may furthermore link a 
number of banking systems together (e.g., Visa, MasterCard and American Express), and may 
typically not be vendor or bank specific, although occasionally this is the case. In providing an 
interface between a merchant (e.g., a content provider 16 or a content distributor 20) and a 
bank's payment processing system, a payment gateway may operate to translate messages into 
other formats (e.g., VisaNet) that are utilized for authorization and settlement of merchant 
transactions. A payment gateway typically acquires a transaction, certifies it and routes it. Many 
payment gateways are based on Secure Electronic Transaction (SET) technology. 
Figure 25 is a flowchart illustrating a method 600, according to an exemplary 
embodiment of the present invention, to dynamically present a payment gateway to a content 
requestor (e.g., as a content destination 22). 

The method 600 commences at block 602 at a content provider 16, which performs a 
ranking operation to generate an ordered list of payment gateways according to relationships 
established between the content provider 16 and such payment gateways. More specifically, as 
discussed above, a conditional access server 36 may utilize a number of tables to support 
functionality supplied to a content provider 16. Such tables include, as discussed above, the table 
PaymentGateway that is populated with records for each of a number of payment gateways with 
which a content provider 16 has established relationships. The table PaymentGateway, in one 
embodiment of the present invention, is provided with an additional "rank" field that indicates 
the ranking within an ordered list of payment gateways attributed to the relevant payment 
gateway by a content provider 16. The ranking operation performed at block 602 includes the 
identification of a preferred payment gateway that is identified by the content provider 16 as 
being its first choice of a payment gateway through which to receive payment for access to 
content that it provides. 

At block 604, each of a number of content distributors 20 may optionally rank a number 
of payment gateways according to relationships established between each of the respective 
content distributors 20 and the payment gateways, and again each identify a preferred payment 
gateway. In the simplest implementation, the content distributor 20 itself may implement a 
payment gateway, and not have established any relationships with third party gateways. For 
example, Excite@Home may operate both as a content distributor 20, and a payment gateway. 
In this case, Excite@Home may simply identify an "Excite@Home wallet" as the preferred 
payment gateway. In a more complex implementation, a content distributor 20 may have 
established relationships with a number of payment gateways, and in this case may maintain a 
table similar to the table PaymentGateway of the conditional access server 36. 

At block 606, responsive to receipt of a content request at a content distributor 20, and 
more specifically a conditional access agent 28, the conditional access agent 28 requests certain 
information as described, from a conditional access server 36 of a content provider 16. 
According to the present invention, the information communicated from the conditional access 
server 36 to the conditional access agent 28 as part of this communication includes a list of 
payment gateways accepted by the content provider 16. This list of payment gateways includes 
the ordered ranking of payment gateways and the identification of the provider-preferred 
payment gateway. At block 606, the conditional access agent 28 also makes a determination as 
to whether a ranked list of payment gateways (or at least a preferred payment gateway) has been 
specified by the content distributor 20. 

Following a positive determination at block 608 (i.e., the content distributor 20 has 
identified a preferred payment gateway), at block 610, the conditional access agent 28 causes the 
preferred payment gateway of the content distributor 20 to be presented to the content requestor, 
if appropriate. More specifically, in one embodiment, the conditional access agent 28 may 
reorder the list of provider-accepted payment gateways to reflect relationships established 
between the content distributor 20 and appropriate payment gateways, or to reflect trust 
relationships established between the content requestor and the content distributor 20 (e.g., in the 
case of Excite@Home or another third-party payment gateway). This reordered list of 
provider-accepted gateways is then communicated from the conditional access agent 28 to the conditional 
access client 48 for presentation to the content requestor (e.g., via a browser). 

In an alternative embodiment, at block 610, the conditional access agent 28 may modify 
the list of accepted payment gateways to include payment gateways with which the content 
distributor 20 has relationships, but with which the content provider 16 does not have 
relationships. In this way, the list of accepted payment gateways may be expanded or reduced, 
depending on relationships established by the content distributor 20. In this case, the modified 
list of accepted payment gateways will again be communicated to the conditional access client 
48 for presentation to the content requestor, with a preferred payment gateway being identified 
for presentation to the content requestor as such. 

On the other hand, following a negative determination at decision block 608 (i.e., the 
content distributor 20 has no preference with respect to payment gateways), the conditional 
access agent 28 forwards the provider-accepted list of payment gateways, unaltered, to the 
conditional access client 48 for presentation to the content requestor. In this case, the preferred 
payment gateway, as identified by the content provider 16, will be presented to the content 
requestor as such. 

In one embodiment of the present invention, the actual preferred payment gateway that is 
presented to the content requestor at block 610 or 612 is presented as a default payment gateway. 
In one embodiment, this may involve presenting only the preferred payment gateway to the 
content requestor, without presenting other options. In an alternative embodiment, a list of 
payment gateways, with the preferred (or default) payment gateway being selected in the absence 
of selection of the content requestor to the contrary, may be presented to the content requestor. 

Figure 26 illustrates an exemplary sequence of user interfaces that may be presented by a 
client (e.g., a browser), executing on a client device (e.g., a personal computer) at a content 
destination 22, and also hosting a conditional access client 48. The sequence of interfaces 
includes a first content selection interface 620, according to an exemplary embodiment of the 
present invention, which allows a content requestor to select particular content. To this end, the 
exemplary content selection interface 620 presents titles for each of a number of content items, and 
a check box adjacent to each of these titles that the user may check to indicate selection of a 
content item. 

A payment selection interface 622, according to an exemplary embodiment, presents a 
number of payment gateways, in the exemplary form of "wallets" from which the content 
requestor may select a wallet via which payment for one or more content items may be made. 
As illustrated in the exemplary payment selection interface 622, Excite@Home wallet is 
indicated as a preferred, default payment gateway as a radio button displayed adjacent a listing 
for this wallet is pre-selected. Additional wallets are listed below the Excite@Home wallet in an 
order determined by the content distributor 20, or in the absence of any preference by the content 
distributor 20, by the content provider 16. 

The methodology as described above enables the following illustrative exemplary 
scenario. The National Basketball Association (NBA) may distribute a live basketball game over 
a network (e.g., the Internet). The NBA, as a content provider 16, may accept payment utilizing 
an NBA wallet, an Excite@Home wallet, and an English "British Telecom" wallet, and may 
designate the NBA wallet as a preferred, default wallet. 

When an Excite@Home user requests access to the game via a conditional access agent 
28 deployed by Excite@Home, operating as a content distributor 20, the relevant conditional 
access agent 28 may, in the manner described above, reorder a list of payment gateways, 
accepted by the NBA and received from a conditional access server 36 operated by the NBA, to 
reflect the Excite@Home wallet as the preferred and default wallet. Accordingly, the 
Excite@Home wallet would in this case be presented to the end user as the default wallet. 

Alternatively, when a British Telecom user requests access to the game via a conditional 
access agent 28 deployed by British Telecom in its capacity as a content distributor 20, the 
preferred and default payment gateway may be switched to the British Telecom wallet by the 
relevant conditional access agent 28. 

Finally, if a user requests access to the game outside the Excite@Home and British 
Telecom networks, the payment gateway communicated to the content requestor as the default 
and preferred payment gateway (in the absence of a reconfiguring by the appropriate content 
distributor 20) will be the NBA wallet, as specified by the NBA in its capacity as a content 
provider 16. 

This enables a content provider 16 (e.g., the NBA) to sell access to a basketball game 
with minimal user inconvenience for Excite@Home and British Telecom users, as these users are 
not required to establish an account with the NBA. Such users will then be spared the 
inconvenience of having to re-supply confidential information to the NBA. 

With a view to implementing the method 600 described above, both a content provider 16 
and a content distributor 20 may maintain an ordered (or ranked) list of payment gateways. To 
enable the content distributor 20 to determine which payment gateways should be presented to a 
user, the ranked list of payment gateways may be communicated from the content provider 16 to 
the content distributor 20. Similarly, in one embodiment, the content distributor 20 may 
maintain a similarly ranked list of payment gateways. 

In one embodiment, the content distributor 20 may present both the first and second 
ranked lists of payment gateways to a user for selection. In a further embodiment, the content 
distributor 20 may operate to only present payment gateways within the lists that correspond. In 
other words, only payment gateways that appear on the list of the content distributor 20 are 
presented to the requestor, with other payment gateways that do not appear on the list maintained 
by the content distributor 20 being filtered out. 

In yet a further embodiment, the content distributor 20 may reorder payment gateways 
communicated in the ranked list of the content provider 16 to reflect relationships established 
between the content distributor 20 and at least one payment gateway. 

In yet a further embodiment of the present invention, a content distributor 20 may be 
authorized to only present payment gateways that are included in the ranked list generated by the 
content provider 16, and communicated to the content distributor 20. Nonetheless, in this 
embodiment, the content distributor 20 is presented with the option of re-ordering, or only 
displaying selected payment gateways, in accordance with relationships that may have been 
established between the content distributor 20 and the payment gateways, or relationships that 
may have been established between the end user and the payment gateways. 
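The ranking, reordering, filtering and extending embodiments of method 600 as one added Go example (not the patent's code), using the page's NBA scenario as the sample data; the policy names and the rank semantics (a lower rank is more preferred, and the first entry of the result is the default gateway) are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Gateway is one record of the PaymentGateway table together with its "rank"
// field; a lower rank is more preferred, so rank 1 is the preferred gateway.
type Gateway struct {
	Name string
	Rank int
}

// DistributorPolicy selects which of the page's embodiments the conditional
// access agent applies at blocks 608-612.
type DistributorPolicy int

const (
	ForwardUnaltered DistributorPolicy = iota // block 612: distributor has no preference
	ReorderOnly                               // block 610: reorder the provider-accepted list only
	FilterToCommon                            // present only gateways that appear on both lists
	Extend                                    // distributor may add gateways of its own
)

func sortedByRank(gs []Gateway) []Gateway {
	out := append([]Gateway(nil), gs...)
	sort.SliceStable(out, func(i, j int) bool { return out[i].Rank < out[j].Rank })
	return out
}

func names(gs []Gateway) []string {
	out := make([]string, 0, len(gs))
	for _, g := range gs {
		out = append(out, g.Name)
	}
	return out
}

// PresentGateways returns the list the conditional access client 48 shows the
// content requestor; the first entry is the preferred (default) gateway.
func PresentGateways(provider, distributor []Gateway, policy DistributorPolicy) []string {
	prov := sortedByRank(provider)
	if policy == ForwardUnaltered || len(distributor) == 0 {
		return names(prov) // the provider's own ranking, unaltered
	}
	dist := sortedByRank(distributor)
	distPos := make(map[string]int, len(dist))
	for i, g := range dist {
		distPos[g.Name] = i
	}
	switch policy {
	case ReorderOnly:
		// Gateways the distributor has a relationship with move to the front in
		// the distributor's order; the rest keep the provider's order. Nothing
		// is added, since the distributor is not authorized to extend the list.
		sort.SliceStable(prov, func(i, j int) bool {
			pi, oki := distPos[prov[i].Name]
			pj, okj := distPos[prov[j].Name]
			if oki != okj {
				return oki
			}
			return oki && pi < pj
		})
		return names(prov)
	case FilterToCommon:
		provSet := make(map[string]bool, len(prov))
		for _, g := range prov {
			provSet[g.Name] = true
		}
		var out []string
		for _, g := range dist {
			if provSet[g.Name] {
				out = append(out, g.Name)
			}
		}
		return out
	case Extend:
		// The distributor's own list first (it assumes responsibility for
		// forwarding funds), then any provider-accepted gateway not yet listed.
		out := names(dist)
		for _, g := range prov {
			if _, seen := distPos[g.Name]; !seen {
				out = append(out, g.Name)
			}
		}
		return out
	}
	return names(prov)
}

func main() {
	// Sample data taken from the page's scenario: the NBA as content provider,
	// Excite@Home as a content distributor with its own wallet.
	nba := []Gateway{{"NBA wallet", 1}, {"Excite@Home wallet", 2}, {"British Telecom wallet", 3}}
	exciteHome := []Gateway{{"Excite@Home wallet", 1}}
	fmt.Println(PresentGateways(nba, nil, ForwardUnaltered))
	fmt.Println(PresentGateways(nba, exciteHome, ReorderOnly))
}
```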

Computer System 

Figure 27 is a diagrammatic representation of a machine in the form of computer system 
700 within which software, in the form of a series of machine-readable instructions, for 
performing any one of the methods discussed above may be executed. The computer system 700 
includes a processor 702, a main memory 704 and a static memory 706, which communicate via 
a bus 708. The computer system 700 is further shown to include a video display unit 710 (e.g., a 
liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 700 also 
includes an alphanumeric input device 712 (e.g., a keyboard), a cursor control device 714 (e.g., a 
mouse), a disk drive unit 716, a signal generation device 718 (e.g., a speaker) and a network 
interface device 720. The disk drive unit 716 accommodates a machine-readable medium 722 on 
which software 724 embodying any one of the methods described above is stored. The software 
724 is shown to also reside, completely or at least partially, within the main memory 704 and/or 
within the processor 702. The software 724 may furthermore be transmitted or received by the 
network interface device 720. For the purposes of the present specification, the term "machine- 
readable medium" shall be taken to include any medium that is capable of storing or encoding a 
sequence of instructions for execution by a machine, such as the computer system 700, and that 
causes the machine to perform the methods of the present invention. The term "machine- 
readable medium" shall be taken to include, but not be limited to, solid-state memories, optical 
and magnetic disks, and carrier wave signals. 

If written in a programming language conforming to a recognized standard, the software 
724 can be executed on a variety of hardware platforms and for interface to a variety of operating 
systems. In addition, the present invention is not described with reference to any particular 
programming language. It will be appreciated that a variety of programming languages may be 
used to implement the teachings of the invention as described herein. Furthermore, it is common 
in the art to speak of software, in one form or another (e.g., program, procedure, process, 
application, module, logic...), as taking an action or causing a result. Such expressions are 
merely a shorthand way of saying that execution of the software by a machine, such as the 
computer system 700, causes the machine to perform an action or produce a result. 

Thus, methods and systems to distribute content via a network utilizing distributed 
conditional access agents and secure agents, and to perform digital rights management (DRM) 
have been described. Although the present invention has been described with reference to 
specific exemplary embodiments, it will be evident that various modifications and changes may 
be made to these embodiments without departing from the broader spirit and scope of the 
invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather 
than a restrictive sense. 
What is claimed is: 

1. A method to distribute content via a network, the method including: 
receiving content at a content distributor from a content provider; and 

at the content distributor, performing an operation relating to the content, 

wherein the content provider provides authorization to the content distributor to perform the 
operation, and wherein the authorization is specific to the content distributor. 

2. The method of claim 1 wherein the operation is performed within a secure environment 
implemented at the content distributor. 

3. The method of claim 1 wherein the operation is an association operation to associate the 
content with a content consumer. 

4. The method of claim 3 wherein the association operation comprises a watermarking 
operation to watermark the content as content distributed specifically to the content consumer. 

5. The method of claim 3 wherein the association operation comprises an encryption 
operation to encrypt the content utilizing a user key associated with, and communicated to, the 
content consumer. 

6. The method of claim 1 including evaluating a request from a content consumer for 
delivery of the content. 

7. The method of claim 6 wherein the evaluating of the request includes verification of user 
information against access criteria associated with the content and defined by the content 
provider. 

8. The method of claim 1 including receiving a product key with which the content is 
encrypted at the content distributor from the content provider, wherein the product key is 
encrypted by the content provider with a distributor key associated with the content distributor. 

9. The method of claim 8 wherein the distributor key associated with the content distributor 
is a public key of the content distributor. 
10. The method of claim 9 including decrypting the product key at the content distributor 
utilizing a private key of the content distributor. 

11. The method of claim 8 wherein the product key is received from the content provider 
responsive to a request from the content distributor. 

12. The method of claim 8 wherein the content distributor caches the product key. 

13. The method of claim 8 including receiving access criteria at the content distributor from 
the content provider, wherein the access criteria are associated with the content. 

14. The method of claim 13 wherein both the product key and the access criteria are signed 
with a private key of the content provider to cryptographically combine the product key and the 
access criteria. 



15. The method of claim 1 including receiving user secure device information at the content 
distributor from a commerce service provider. 

16. The method of claim 15 wherein the user secure device information is signed by a private 
key of the commerce service provider. 

17. The method of claim 15 wherein the user secure device information includes any one of a 
group of information items including a purse value, geographic information, date information 
and time information. 



18. The method of claim 1 including receiving subscription information at the content 
distributor from the content provider. 

19. The method of claim 18 wherein the subscription information is signed by the content 
provider utilizing a private key of the content provider. 

20. The method of claim 18 wherein the subscription information is signed by the content 
provider utilizing a secret key shared with the content distributor. 

21. The method of claim 19 including constructing an order request at the content distributor 
and transmitting the order request to a content consumer for acceptance. 

22. The method of claim 21 including attaching a content distributor signature to the order 
request, wherein the content consumer verifies the content distributor signature. 

23. The method of claim 22 wherein the content consumer is prompted for an identification 
number to sign an order confirmation, and wherein the order confirmation is transmitted from 
the content consumer to the content distributor. 

24. The method of claim 23 wherein the content distributor verifies the order confirmation 
within a physically secure environment. 

25. The method of claim 24 wherein the content distributor creates a secure session and a 
user key responsive to verification of the order confirmation, the user key being transmitted to 
the content consumer. 

26. The method of claim 5 wherein the encryption operation includes decryption of the 
content encrypted with a provider key associated with the content provider and re-encryption of 
the content with the user key associated with the content consumer. 

27. The method of claim 4 wherein the watermarking operation includes decrypting the 
content, watermarking the content for a specific content consumer, and re-encrypting the content, 
wherein the decrypting of the content is performed under authorization of the content provider. 

28. The method of claim 27 wherein the decrypting, watermarking, and re-encrypting of the 
content are performed within a secure tamperproof environment. 

29. A system to distribute content via a network, the system including: 
a content provider to provide content; 

a content distributor, coupled to the content provider via the network, and to receive the 
content from the content provider and to perform an operation relating to the content, 

wherein the content provider is to provide authorization to the content distributor to perform the 
operation, and wherein the authorization is specific to the content distributor. 

30. The system of claim 29 wherein the operation is performed within a secure environment 
implemented at the content distributor. 

31. The system of claim 29 wherein the operation is an association operation to associate the 
content with a content consumer. 
32. The system of claim 31 wherein the association operation comprises a watermarking 
operation to watermark the content as content distributed specifically to the content consumer. 

33. The system of claim 31 wherein the association operation comprises an encryption 
operation to encrypt the content utilizing a user key associated with, and communicated to, the 
content consumer. 



34. The system of claim 29 wherein the content distributor is to evaluate a request from a 
content consumer for delivery of the content. 

35. The system of claim 34 wherein the evaluation of the request includes verification of user 
information against access criteria associated with the content and defined by the content 
provider. 

36. The system of claim 29 wherein the content distributor is to receive a product key with 
which the content is encrypted from the content provider, wherein the product key is encrypted 
by the content provider with a distributor key associated with the content distributor. 

37. The system of claim 36 wherein the distributor key associated with the content distributor 
is a public key of the content distributor. 

38. The system of claim 37 wherein the content distributor is to decrypt the product key at 
the content distributor utilizing a private key of the content distributor. 

39. The system of claim 36 wherein the content distributor is to receive the product key from 
the content provider responsive to a request from the content distributor. 

40. The system of claim 36 wherein the content distributor is to cache the product key. 

41. The system of claim 36 wherein the content distributor is to receive access criteria from 
the content provider, the access criteria being associated with the content. 

42. The system of claim 41 wherein the content provider is to sign both the product key and 
the access criteria with a private key of the content provider to cryptographically combine the 
product key and the access criteria. 

43. The system of claim 29 wherein the content distributor is to receive user secure device 
information from a commerce service provider. 
44. The system of claim 43 wherein the user secure device information is signed by a private 
key of the commerce service provider. 

45. The system of claim 43 wherein the user secure device information includes any one of a 
group of information items including a purse value, geographic information, date information 
and time information. 

46. The system of claim 29 wherein the content distributor is to receive subscription 
information from the content provider. 

47. The system of claim 46 wherein the content provider is to sign the subscription information 
utilizing a private key of the content provider. 

48. The system of claim 46 wherein the content provider is to sign the subscription 
information utilizing a secret key shared with the content distributor. 

49. The system of claim 47 wherein the content distributor is to construct an order request, 
and to transmit the order request to a content consumer for acceptance. 

50. The system of claim 49 wherein the content distributor is to attach a content distributor 
signature to the order request, and wherein the content consumer is to verify the content 
distributor signature. 

51. The system of claim 49 wherein the content consumer is prompted for an identification 
number to sign an order confirmation, and wherein the order confirmation is transmitted from 
the content consumer to the content distributor. 

52. The system of claim 51 wherein the content distributor is to verify the order confirmation 
within a physically secure environment. 

53. The system of claim 52 wherein the content distributor is to create a secure session and a 
user key responsive to verification of the order confirmation, the user key being transmitted to 
the content consumer. 

54. The system of claim 33 wherein the encryption operation includes decryption of the 
content encrypted with a provider key associated with the content provider and re-encryption of 
the content with the user key associated with the content consumer. 
55. The system of claim 32 wherein the watermarking operation includes decrypting the 
content, watermarking the content for a specific content consumer, and re-encrypting the content, 
wherein the decrypting of the content is performed under authorization of the content provider. 

56. The system of claim 55 wherein the decrypting, watermarking, and re-encrypting of the 
content are performed within a secure tamperproof environment. 



57. A method to distribute content via a network, the method including: 

at a content provider, generating a set of session keys and encrypting content utilizing the 
set of session keys to generate encrypted content; 

communicating the set of session keys to a content distributor; 

at the content distributor, encrypting the set of session keys utilizing a user key to 
generate a set of encrypted keys; 

transmitting the encrypted content to a content destination; 

transmitting the set of encrypted keys from the content distributor to the content 
destination; 

transmitting the user key from the content distributor to the content destination so as to 
enable the content destination to decrypt the set of encrypted keys to extract the set of 
session keys; and 

at the content destination, utilizing the set of session keys to decrypt the encrypted 
content. 

58. The method of claim 57 wherein the set of session keys comprises a time-varying 
sequence of session keys. 

59. The method of claim 57 wherein the communication of the set of session keys to the 
content distributor includes: 

at the content provider, encrypting the set of session keys utilizing a product key to 
generate a set of master encrypted keys; 

communicating the set of master encrypted keys from the content provider to the content 
distributor; 



communicating the product key from the content provider to the content distributor; and 

at the content distributor, decrypting the set of master encrypted keys utilizing the 
product key to extract the set of session keys. 

60. The method of claim 59 wherein the product key is encrypted with a public key of the 
content distributor prior to communication of the product key from the content provider to the 
content distributor so that the product key is only available to the content distributor. 

61. The method of claim 57 including receiving, from the content destination and at the 
content distributor, a request for delivery of the content to the content destination. 

62. The method of claim 61 including receiving, from the content destination and at the 
content distributor, a user certificate in association with the request. 

63. The method of claim 61 including receiving, from the content destination and at the 
content distributor, a copy-protected device certificate in association with the request. 

64. The method of claim 59 including, at the content distributor, generating a request for 
access criteria and the product key, and communicating the request for the access criteria to the 
content provider. 

65. The method of claim 64 including, at the content provider, attaching a signature of the 
content provider to the access criteria and the product key to cryptographically bind the access 
criteria with the product key, and communicating the signature, the access criteria and the 
product key to the content distributor. 

66. The method of claim 65 including, at the content provider, encrypting the product key 
with a public key of the content distributor prior to commimication of the product key to the 
content distributor. 

67. The method of claim 66 including, at the content distributor, verifying the signature of 
the content provider, and decrypting the product key utilizing a private key of the content 
distributor, the product key being utilized to decrypt the set of master encrypted keys to extract 
the set of session keys. 



68. The method of claim 57 including issuing, from the content distributor to the content 
destination, a request for user secure device information. 

69. The method of claim 68 including issuing, from the content distributor to the content 
provider, a request for subscription information. 

70. The method of claim 69 including constructing, at the content distributor, an order 
request for the content based on the secure device information, the access criteria and the 
subscription information and communicating the order request from the content distributor to the 
content destination for acceptance. 

71 . The method of claim 70 wherein the order request includes a signature of the content 
distributor, and wherein the user process verifies the signature of the content distributor. 

72. The method of claim 71 wherein the content destination generates an order, signs the 
order utilizing a user signature and communicates the order to the content distributor. 

73. The method of claim 72 wherein the content distributor, responsive to receipt of the 
order, verifies access criteria and the user signature within a physically secure environment. 

74. The method of claim 57 wherein the content distributor creates a secure network session 
with the content destination, creates the user key, encrypts the user key with a public key of the 
content destination, and communicates the encrypted user key to the content destination utilizing 
the secure network session. 

75. The method of claim 74 wherein the content destination decrypts the encrypted user key 
utilizing a private key associated with the content destination to extract the user key for a 
purpose of decrypting the set of encrypted keys. 

76. A system to distribute content via a network, the system including: 

a content distributor coupled, via the network, to a content provider and to a content 
destination; 

the content provider operating to generate a set of session keys, encrypt content 
utilizing the set of session keys, and to communicate the set of session keys to the content 
distributor; 



the content distributor operating to encrypt the set of session keys utilizing a user key to 
generate a set of encrypted keys, to transmit the set of encrypted keys to the content 
destination, and to transmit the user key from the content distributor to the content 
destination so as to enable the content destination to decrypt the set of encrypted keys to 
extract the set of session keys; and 

the content destination operating to utilize the set of session keys to decrypt the encrypted 
content. 

77. The system of claim 76 wherein the set of session keys comprises a time-varying 
sequence of session keys. 

78. The system of claim 76 wherein the content provider is to encrypt the set of session keys 
utilizing a product key to generate a set of master encrypted keys, to communicate the set of 
master encrypted keys from the content provider to the content distributor, and to communicate 
the product key from the content provider to the content distributor; and wherein the content 
distributor is to decrypt the set of master encrypted keys utilizing the product key to extract the 
set of session keys. 

79. The system of claim 78 wherein the product key is encrypted with a public key of the 
content distributor prior to communication of the product key from the content provider to the 
content distributor so that the product key is only available to the content distributor. 

80. The system of claim 76 wherein the content distributor is to receive a request for delivery 
of the content to the content destination. 

81. The system of claim 80 wherein the content distributor is to receive a user certificate in 
association with the request. 

82. The system of claim 80 wherein the content distributor is to receive a copy-protected 
device certificate in association with the request. 

83. The system of claim 78 wherein the content distributor is to generate a request for access 
criteria and the product key, and to communicate the request for the access criteria to the content 
provider. 

84. The system of claim 83 wherein the content provider is to attach a signature of the 
content provider to the access criteria and the product key to cryptographically bind the access 
criteria with the product key, and to communicate the signature, the access criteria and the 
product key to the content distributor. 
85. The system of claim 84 wherein the content provider is to encrypt the product key with a 
public key of the content distributor prior to communication of the product key to the content 
distributor. 

86. The system of claim 84 wherein the content distributor is to verify the signature of the 
content provider, and to decrypt the product key utilizing a private key of the content distributor, 
the product key being utilized to decrypt the set of master encrypted keys to extract the set of 
session keys. 

87. The system of claim 76 wherein the content distributor is to issue, to the content 
destination, a request for user secure device information. 

88. The system of claim 87 wherein the content distributor is to issue, to the content provider, 
a request for subscription information. 

89. The system of claim 88 wherein the content distributor is to construct an order request for 
the content based on the secure device information, the access criteria and the subscription 
information and to communicate the order request from the content distributor to the content 
destination for acceptance. 

90. The system of claim 89 wherein the order request includes a signature of the content 
distributor, and wherein the user process verifies the signature of the content distributor. 

91. The system of claim 90 wherein the content destination is to generate an order, to sign the 
order utilizing a user signature and to communicate the order to the content distributor. 

92. The system of claim 91 wherein the content distributor, responsive to receipt of the order, 
is to verify access criteria and the user signature within a physically secure environment. 

93. The system of claim 76 wherein the content distributor is to create a secure network 
session with the content destination, to create the user key, to encrypt the user key with a public 
key of the content destination, and to communicate the encrypted user key to the content 
destination utilizing secure network session. 

94. The system of claim 93 wherein the content destination is to decrypt the encrypted user 
key utilizing a private key associated with the content destination to extract the user key for a 
purpose of decrypting the set of encrypted keys. 
95. An automated method to provide an encryption key storage and distribution service, the 
method including: 



receiving a product key at a service provider, the product key (1) being received from a 
first content provider, (2) encrypting first content controlled by the first content provider, 
and (3) being encrypted with a secure device public key of a first secure device of the 
service provider; 

within the first secure device at the service provider, decrypting the product key utilizing 
a secure device private key corresponding to the secure device public key; 

within the first secure device at the service provider, encrypting the product key using a 
storage key associated with the first secure device; and 

storing the product key, encrypted using the storage key, at the service provider. 

96. The method of claim 95 including receiving a plurality of product keys from respective 
content providers of a plurality of content providers, each of the product keys encrypting content 
controlled by the respective content providers. 

97. The method of claim 96 wherein each of the plurality of product keys is generated within 
a second secure device of each of the respective content providers. 

98. The method of claim 96 including receiving rule information, pertaining to access to 
associated content controlled by a respective content provider, at the service provider wherein 
the rule information is stored at the service provider and is associated with at least one product 
key stored at the service provider. 

99. The method of claim 95 wherein the secure device public key comprises a public key of 
the first secure device of the service provider. 

100. The method of claim 96 wherein each of the plurality of product keys, encrypted with the 
secure device public key, is signed using a respective content provider private key. 

101. The method of claim 96 wherein each of the product keys is received at the service 
provider with an associated content provider certificate. 

102. The method of claim 101 wherein the service provider verifies a signature and the 
associated content provider certificate of each of the plurality of content providers. 
103. The method of claim 95 including: 

receiving a request to access the first content at the service provider from a requestor; 

within the first secure device at the service provider, decrypting the product key, 
encrypted with the storage key; 

within the first secure device at the service provider, decrypting a requestor secret key, 
associated with the requestor; 

within the secure device of the service provider, encrypting the product key with the 
requestor secret key; and 

communicating the product key, encrypted with the requestor secret key, to the requestor. 

104. The method of claim 103 wherein the requestor decrypts the product key utilizing the 
requestor secret key, and the service provider distributes the product key to an end-user to enable 
the end-user to decrypt the first content. 

105. The method of claim 104 wherein the requestor decrypts the product key utilizing the 
requestor secret key and decrypts the first content for access by the requestor. 

106. The method of claim 95 including: 

communicating the secure device public key to each of a plurality of content requestors; 

receiving a further key for each of the plurality of content requestors, the further key 
being encrypted utilizing the storage key; and 

storing a plurality of further keys, encrypted utilizing the storage key and associated with 
a respective requestor, at the service provider. 

107. The method of claim 106 wherein the secure device public key comprises a public key of 
the first secure device. 

108. The method of claim 106 wherein the further key comprises a private key of the content 
requestor. 
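Claims 95 to 108 describe an escrow-style key storage service whose secure device is the only place a product key is ever in the clear: keys arrive sealed to the device's public key, are re-encrypted under a storage key that never leaves the device, and are released only re-encrypted with a registered requestor's secret key. The following Python script is an added worked example written for this page, not the patent's own code. It assumes AES-256-GCM for the storage and requestor keys, RSA-OAEP for the device public key and RSA-PSS for the provider signature of claim 100, and it reduces the provider certificate of claims 101 and 102 to a trust store of provider public keys. The `label` strings used as additional authenticated data are likewise this example's own device for keeping stored blobs from being swapped for one another.

```python
"""Key storage and distribution service of claims 95-108 as a worked example
(added; not the patent's code). AES-256-GCM, RSA-OAEP and RSA-PSS are assumptions,
and provider certificates are reduced to a trust store of provider public keys."""
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


def gcm_wrap(key, data, aad):
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, aad)


def gcm_unwrap(key, blob, aad):
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)


class SecureDevice:
    """The 'first secure device' of claim 95: plaintext keys exist only inside its
    methods, and the storage key never leaves the object."""

    def __init__(self):
        self._priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self._storage_key = AESGCM.generate_key(bit_length=256)

    def public_key(self):
        return self._priv.public_key()

    def rewrap_for_storage(self, sealed, label):
        """Claim 95: decrypt with the device private key, re-encrypt under the storage
        key. The label is bound as AAD so stored blobs cannot be swapped for each other."""
        return gcm_wrap(self._storage_key, self._priv.decrypt(sealed, OAEP), label)

    def release(self, stored_product, product_label, stored_requestor, requestor_label):
        """Claim 103: unwrap both keys under the storage key and return the product key
        encrypted with the requestor secret key; the plaintext never leaves here."""
        product_key = gcm_unwrap(self._storage_key, stored_product, product_label)
        requestor_key = gcm_unwrap(self._storage_key, stored_requestor, requestor_label)
        return gcm_wrap(requestor_key, product_key, product_label)


class KeyStorageService:
    def __init__(self, trusted_providers):
        self.device = SecureDevice()
        self.trusted_providers = trusted_providers  # provider id -> public key (stands in for certs)
        self.store = {}  # label -> blob encrypted under the storage key; nothing else at rest

    def submit_product_key(self, provider_id, content_id, sealed_key, signature):
        """Claims 100-102: the sealed key must carry a valid signature of a known provider."""
        try:
            self.trusted_providers[provider_id].verify(signature, sealed_key, PSS, hashes.SHA256())
        except (KeyError, InvalidSignature):
            return False
        label = f"product:{provider_id}:{content_id}".encode()
        self.store[label] = self.device.rewrap_for_storage(sealed_key, label)
        return True

    def register_requestor(self, requestor_id, sealed_secret):
        """Claim 106: the requestor's further key arrives sealed to the device public key
        and is kept only under the storage key."""
        label = f"requestor:{requestor_id}".encode()
        self.store[label] = self.device.rewrap_for_storage(sealed_secret, label)

    def request_product_key(self, requestor_id, provider_id, content_id):
        p_label = f"product:{provider_id}:{content_id}".encode()
        r_label = f"requestor:{requestor_id}".encode()
        return self.device.release(self.store[p_label], p_label, self.store[r_label], r_label)


def demo():
    """One provider escrows a product key, one requestor retrieves it; returns the checks."""
    provider_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    service = KeyStorageService({"provider-A": provider_key.public_key()})
    device_pub = service.device.public_key()
    product_key = AESGCM.generate_key(bit_length=256)  # constructed sample product key
    sealed = device_pub.encrypt(product_key, OAEP)
    accepted = service.submit_product_key(
        "provider-A", "movie-1", sealed, provider_key.sign(sealed, PSS, hashes.SHA256()))
    forged = service.submit_product_key("provider-A", "movie-2", sealed, os.urandom(256))
    requestor_secret = AESGCM.generate_key(bit_length=256)
    service.register_requestor("dist-1", device_pub.encrypt(requestor_secret, OAEP))
    released = service.request_product_key("dist-1", "provider-A", "movie-1")
    recovered = gcm_unwrap(requestor_secret, released, b"product:provider-A:movie-1")
    return {
        "accepted": accepted,
        "forged_accepted": forged,
        "recovered_ok": recovered == product_key,
        "plaintext_at_rest": any(product_key in blob for blob in service.store.values()),
    }


if __name__ == "__main__":
    print(demo())
```

The last check in `demo` is the property a reviewer of such a service should insist on: the service's persistent store holds only storage-key ciphertext, so a dump of it without the secure device yields no product key. The forged submission shows that the signature of claim 100 is checked before the device ever decrypts anything, which keeps an unauthenticated party from using the device as a decryption oracle.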



109. A system to provide an encryption key storage and distribution service, the system 
including: 



a first content provider; and 

a service provider, coupled to the first content provider via a network, to receive a 
product key, the product key (1) being received from the first content provider, (2) 
encrypting first content controlled by the first content provider, and (3) being encrypted 
with a secure device public key of a first secure device of the service provider; 

wherein the service provider is to, within the first secure device at the service provider, decrypt 
the product key utilizing a secure device private key corresponding to the secure device public 
key and to encrypt the product key using a storage key associated with the first secure device; 
and wherein the service provider is further to store the product key, encrypted using the storage key. 

110. The system of claim 109 wherein the service provider is to receive a plurality of product 
keys from respective content providers of a plurality of content providers, each of the product 
keys encrypting content controlled by the respective content providers. 

111. The system of claim 110 wherein each of the product keys of the plurality of product 
keys is generated within a second secure device of each of the respective content providers. 

112. The system of claim 110 wherein the service provider is to receive rule information, 
pertaining to access to associated content controlled by a respective content provider, wherein 
the rule information is stored at the service provider and is associated with at least one product 
key stored at the service provider. 

113. The system of claim 109 wherein the secure device public key comprises a public key of 
the first secure device of the service provider. 

114. The system of claim 110 wherein each of the product keys of the plurality of product 
keys, encrypted with the secure device public key, is signed using a respective content provider 
private key. 

115. The system of claim 110 wherein each of the product keys of the plurality of product 
keys is received at the service provider with an associated content provider certificate. 

116. The system of claim 115 wherein the service provider is to verify a signature and the 
associated content provider certificate of each of the plurality of content providers. 
117. The system of claim 109 wherein the service provider is to receive a request to access the 
first content from a requestor, and: 

within the first secure device, to decrypt the product key encrypted with the storage key, to 
decrypt a requestor secret key associated with the requestor, and to encrypt the product key 
with the requestor secret key; and to: 

communicate the product key, encrypted with the requestor secret key, to the requestor. 

118. The system of claim 117 wherein the requestor decrypts the product key utilizing the 
requestor secret key, and the service provider is to distribute the product key to an end-user to 
enable the end-user to decrypt the first content. 

119. The system of claim 118 wherein the requestor decrypts the product key utilizing the 
requestor secret key and decrypts the first content for access by the requestor. 

120. The system of claim 109 wherein the service provider is to: 

communicate the secure device public key to each of a plurality of content requestors; 

receive a further key for each of the plurality of requestors, the further key being 
encrypted utilizing the storage key; and 

store a plurality of further keys, encrypted utilizing the storage key and associated with a 
respective requestor. 

121. The system of claim 120 wherein the secure device public key comprises a public key of 
the first secure device. 

122. The system of claim 120 wherein the further key comprises a private key of the content 
requestor. 

123. A method of securing content for distribution via a network, the method including: 

associating a user device authentication process with the content; and 

associating a copy-protected device authentication process with the content, 
wherein the user device authentication process and the copy-protected device authentication 
process comprise separate authentication processes to protect the content from unauthorized 
access. 

124. The method of claim 123 wherein the user device authentication process includes 
verification of a user device certificate. 

125. The method of claim 124 wherein the verification of the user device certificate occurs at 
an agent remote from a user device. 

126. The method of claim 124 wherein the verification of the user device certificate occurs at 
a user device. 

127. The method of claim 123 wherein the user device authentication process includes 
verification of the user credentials against content access criteria. 

128. The method of claim 123 wherein the copy-protected device authentication process 
includes verification of a copy-protected device certificate. 

129. The method of claim 128 wherein the verification of the copy-protected device certificate 
occurs at an agent remote from a copy-protected device. 

130. The method of claim 128 wherein the verification of the copy-protected device certificate 
occurs at a copy-protected device. 

131. The method of claim 123 including, upon successful completion of the user device and 
copy-protected device authentication processes, encrypting a product key, with which the content 
is encrypted, with a public key of a copy-protected device. 

132. The method of claim 123 wherein the associating of both the user device and copy- 
protected device authentication processes with the content includes encrypting a product key, to 
access the content, with both a public key of a user device and a public key of a copy-protected 
device to create a twice-encrypted product key. 

133. The method of claim 132 wherein the twice-encrypted product key is first encrypted with 
the public key of a user device to create a once-encrypted product key, and second encrypted 
with the public key of a copy-protected device to create the twice-encrypted product key. 
134. The method of claim 132 wherein the twice-encrypted product key is included within a 
license associated with the content. 

135. The method of claim 134 wherein the license includes any one of a group of data items 
including the user device public key, a certificate serial number, and issuer authentication 
information. 

136. The method of claim 135 wherein the issuer authentication information includes a 
signature by a license issuer and a certificate of the license issuer. 

137. The method of claim 132 wherein the user device authentication process includes 
decryption of the twice-encrypted product key by the user device to reveal a once-encrypted 
product key. 

138. The method of claim 137 wherein the user device decrypts the twice-encrypted product 
key utilizing a private key of a user device. 

139. The method of claim 138 wherein the copy-protected device issues a request to the user 
device to decrypt the twice-encrypted product key, the request including a challenge to the twice- 
encrypted product key. 

140. The method of claim 139 wherein the challenge includes a private key of the user device. 

141. The method of claim 137 wherein the copy-protected device authentication process 
includes decryption of the once-encrypted product key by the copy-protected device to reveal the 
product key. 

142. The method of claim 137 wherein the copy-protected device decrypts the once-encrypted 
product key utilizing a private key of the copy-protected device. 

143. A system to secure content for distribution via a network, the system including: 
a user device; 

a copy-protected device; and 

a content distributor, coupled via the network to both the user and copy-protected 
devices, to perform a user device authentication process and a copy-protected device 
authentication process with respect to the content, 
wherein the user device authentication process and the copy-protected device authentication 
process comprise separate authentication processes to protect the content from unauthorized 
access. 

144. The system of claim 143 wherein the user authentication process includes verification of 
a user device certificate associated with the user device. 

145. The system of claim 143 wherein the user device authentication process includes 
verification of the user credentials against content access criteria. 

146. The system of claim 143 wherein the copy-protected device authentication process 
includes verification of a copy-protected device certificate associated with the copy-protected 
device. 

147. The system of claim 146 wherein the verification of the copy-protected device certificate 
occurs at an agent remote from the copy-protected device. 

148. The system of claim 146 wherein the verification of the copy-protected device certificate 
occurs at the copy-protected device. 

149. The system of claim 143 wherein the content distributor, upon successful completion of 
the user device and copy-protected device authentication processes, is to encrypt a product key, 
with which the content is encrypted, with a public key of the copy-protected device. 

150. The system of claim 143 wherein the content distributor, upon successful completion of 
the user device and copy-protected device authentication processes, is to encrypt a product key, 
with which the content is encrypted, with both a public key of the user device and a public key of 
the copy-protected device to create a twice-encrypted product key. 

151. The system of claim 150 wherein the twice-encrypted product key is first encrypted with 
the public key of the user device to create a once-encrypted product key, and second encrypted 
with the public key of the copy-protected device to create the twice-encrypted product key. 

152. The system of claim 150 wherein the content distributor is to include the twice-encrypted 
product key within a license associated with the content. 

153. The system of claim 152 wherein the license includes any one of a group of data items 
including a user device public key, a certificate serial number, and issuer authentication 
information. 

154. The system of claim 153 wherein the issuer authentication information includes a 
signature by a license issuer and a certificate of the license issuer. 

155. The system of claim 151 wherein the user device authentication process includes 
decryption of the twice-encrypted product key by the user device to reveal the once-encrypted 
product key. 

156. The system of claim 155 wherein the user device decrypts the twice-encrypted product 
key utilizing a private key of the user device. 

157. The system of claim 150 wherein the copy-protected device issues a request to the user 
device to decrypt the twice-encrypted product key, the request including a challenge to the twice- 
encrypted product key. 

158. The system of claim 157 wherein the challenge includes a private key of the user device. 

159. The system of claim 155 wherein the copy-protected device authentication process 
includes decryption of the once-encrypted product key by the copy-protected device to reveal the 
product key. 

160. The system of claim 151 wherein the copy-protected device is to decrypt the once- 
encrypted product key utilizing a private key of the copy-protected device. 
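The two-layer wrapping of claims 132 to 142 and 150 to 160, as an added example in Go that is not part of the application: the product key is wrapped first for the copy-protected device and then for the user device, so that the user device removes the outer layer to reveal the once-encrypted product key (claims 137 and 155) and the copy-protected device removes the inner one (claims 141 and 159). RSA-OAEP, the key sizes and the labels are this example's assumptions; the challenge of claims 139 and 157 is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// OAEP labels bind each layer to the device meant to remove it
// (constructed for this example; the application does not specify them).
var (
	innerLabel = []byte("copy-protected-device")
	outerLabel = []byte("user-device")
)

// TwiceEncryptProductKey produces the twice-encrypted product key: the inner
// layer is for the copy-protected device, the outer layer for the user device.
// Plain RSA layering needs the outer modulus to hold the inner ciphertext, so
// userPub must be larger than copyProtectedPub (here 3072 over 2048 bits).
func TwiceEncryptProductKey(productKey []byte, copyProtectedPub, userPub *rsa.PublicKey) ([]byte, error) {
	once, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, copyProtectedPub, productKey, innerLabel)
	if err != nil {
		return nil, fmt.Errorf("inner layer: %w", err)
	}
	twice, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, once, outerLabel)
	if err != nil {
		return nil, fmt.Errorf("outer layer: %w", err)
	}
	return twice, nil
}

// UserDevicePeel is the user device step: it removes only the outer layer and
// hands back the once-encrypted product key, never the product key itself.
func UserDevicePeel(twice []byte, userPriv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, userPriv, twice, outerLabel)
}

// CopyProtectedDevicePeel is the copy-protected device step on the inner layer.
func CopyProtectedDevicePeel(once []byte, cpPriv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, cpPriv, once, innerLabel)
}

// RecoverProductKey runs both steps in the order the claims give; a missing
// or swapped device makes the whole process fail.
func RecoverProductKey(twice []byte, userPriv, cpPriv *rsa.PrivateKey) ([]byte, error) {
	once, err := UserDevicePeel(twice, userPriv)
	if err != nil {
		return nil, errors.New("user device authentication failed: outer layer not removed")
	}
	pk, err := CopyProtectedDevicePeel(once, cpPriv)
	if err != nil {
		return nil, errors.New("copy-protected device authentication failed: inner layer not removed")
	}
	return pk, nil
}

func main() {
	// Constructed key pairs and product key; sizes chosen so the 256-byte inner
	// ciphertext fits the 318-byte OAEP limit of a 3072-bit outer key.
	cpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	userKey, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		panic(err)
	}
	productKey := make([]byte, 16)
	if _, err := rand.Read(productKey); err != nil {
		panic(err)
	}
	twice, err := TwiceEncryptProductKey(productKey, &cpKey.PublicKey, &userKey.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := RecoverProductKey(twice, userKey, cpKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("product key:", hex.EncodeToString(productKey))
	fmt.Println("recovered:  ", hex.EncodeToString(got))
	// The copy-protected device alone cannot open the outer layer.
	if _, err := CopyProtectedDevicePeel(twice, cpKey); err != nil {
		fmt.Println("copy-protected device alone:", err)
	}
}
```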

161. A method digitally to sign a content license associated with content, the method 
including: 

generating the content license at a content provider; and 
signing the content license utilizing a symmetric key. 

162. The method of claim 161 wherein the symmetric key encrypts the content. 

163. The method of claim 161 wherein the symmetric key encrypts a product key that in turn 
encrypts the content. 
164. The method of claim 161 wherein the content license includes any one of a group of 
license items including a machine identifier, a content identifier, usage restrictions and user 
certificate information. 

165. The method of claim 161 including transmitting the content license in conjunction with 
the content to a recipient. 

166. The method of claim 165 including transmitting the symmetric key to the recipient. 

167. The method of claim 166 wherein the symmetric key is encrypted with a public key of the 
recipient. 

168. The method of claim 161 including verifying the signing of the content license at the 
recipient utilizing the symmetric key. 

169. The method of claim 161 wherein the signing of the content license includes generating a 
hash result of the content license utilizing a hash function and transforming the hash result into a 
digital signature utilizing the symmetric key. 

170. The method of claim 169 wherein verification of the signing of the content license 
includes generating a further hash result of the content license utilizing the hash function, and 
determining whether the hash result corresponds to the further hash result. 

171. The method of claim 168 wherein the verification of the signing of the content license 
includes determining a digital signature created utilizing the symmetric key. 
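Claims 161 to 171 describe a license signed with the same symmetric key that encrypts the content or the product key. The Go example below is added here and is not the application's own code: it takes HMAC-SHA256 as the "hash, then transform under the symmetric key" step of claim 169 (an assumption), and the license fields follow claims 135 and 164.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ContentLicense carries the license items named in claims 135 and 164
// (field names and the date format are this example's choices).
type ContentLicense struct {
	MachineID        string
	ContentID        string
	EncProductKeyHex string // product key as received, already encrypted
	BeginDate        string // YYYY-MM-DD
	EndDate          string
	NumberOfPlays    int
	UserPublicKeyHex string
	UserCertSerial   string
	UserCertIssuer   string
	Signature        []byte // set by SignLicense
}

// canonical serialises the signed fields in a fixed order with length
// prefixes, so two different licenses never hash to the same byte string.
func (l ContentLicense) canonical() []byte {
	fields := []string{
		l.MachineID, l.ContentID, l.EncProductKeyHex, l.BeginDate, l.EndDate,
		strconv.Itoa(l.NumberOfPlays), l.UserPublicKeyHex, l.UserCertSerial, l.UserCertIssuer,
	}
	var b strings.Builder
	for _, f := range fields {
		fmt.Fprintf(&b, "%d:%s;", len(f), f)
	}
	return []byte(b.String())
}

// SignLicense is the content provider side of claim 169: hash the license
// and transform the result under the symmetric key. HMAC-SHA256 does both
// steps at once and is this example's choice of construction.
func SignLicense(l *ContentLicense, symmetricKey []byte) {
	mac := hmac.New(sha256.New, symmetricKey)
	mac.Write(l.canonical())
	l.Signature = mac.Sum(nil)
}

// VerifyLicense is the recipient side of claims 168 and 170: recompute the
// value over the received fields and compare it in constant time. Because the
// recipient holds the same key, a valid result proves the license was made by
// a holder of that key, not by one particular issuer.
func VerifyLicense(l ContentLicense, symmetricKey []byte) bool {
	mac := hmac.New(sha256.New, symmetricKey)
	mac.Write(l.canonical())
	return hmac.Equal(mac.Sum(nil), l.Signature)
}

func main() {
	// Constructed sample: the symmetric key stands in for the product key of claim 163.
	key := []byte("constructed-32-byte-product-key!")
	lic := ContentLicense{
		MachineID: "STB-0001", ContentID: "movie-42", EncProductKeyHex: "00ff",
		BeginDate: "2001-06-01", EndDate: "2001-06-30", NumberOfPlays: 3,
		UserPublicKeyHex: "abcd", UserCertSerial: "1234", UserCertIssuer: "Example CA",
	}
	SignLicense(&lic, key)
	fmt.Println("signature:", hex.EncodeToString(lic.Signature))
	fmt.Println("verifies:", VerifyLicense(lic, key))

	// Raising the play count without the key breaks verification.
	tampered := lic
	tampered.NumberOfPlays = 300
	fmt.Println("tampered verifies:", VerifyLicense(tampered, key))
}
```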

172. A method to distribute content via a network in a geographically controlled manner, the 
method including: 

receiving a request from a content requestor for delivery of content to the content 
requestor via the network; 

performing a content requestor authorization process, the content requestor authorization 
process including determining a geographic location associated with the content 
requestor, determining geographic access criteria associated with the content, and 
determining whether the geographic location complies with the geographic access 
criteria; and 
releasing the content for delivery to the content requestor if the content location complies 
with the geographic access criteria. 

173. The method of claim 172 wherein the determining of the geographic location includes 
determining a delivery address to which a copy-protected device associated with the content 
requestor was delivered. 

174. The method of claim 173 including releasing the content for delivery to the content 
requestor if the delivery address complies with the geographic access criteria. 

175. The method of claim 172 wherein the determining of the geographic location includes 
determining a delivery address to which a user authentication device associated with the content 
requestor was delivered. 

176. The method of claim 175 wherein the content is released for delivery to the content 
requestor if the delivery address complies with the geographic access criteria. 

177. The method of claim 172 wherein the determining of the geographic location includes 
mapping a source network address of the request for the delivery of the content to a request 
source location. 

178. The method of claim 177 including releasing the content for delivery if the request source 
location complies with the geographic access criteria. 

179. The method of claim 173 wherein the copy-protected device comprises a set-top box. 

180. The method of claim 173 wherein the copy-protected device comprises a PKI-enabled 
hardware device. 

181. The method of claim 175 wherein the user authentication device comprises an electronic 
token. 

182. The method of claim 175 wherein the user authentication device comprises a smart card. 

183. A system to distribute content via a network in a geographically controlled manner, the 
system including: 

a content requestor; and 
a content distributor, coupled to the content requestor via the network, to receive a 
request from a content requestor for delivery of content to the content requestor via the 
network, to perform a content requestor authorization process, the content requestor 
authorization process including determining a geographic location associated with the 
content requestor, determining geographic access criteria associated with the content, and 
determining whether the geographic location complies with the geographic access 
criteria, and to release the content for delivery to the content requestor if the content 
location complies with the geographic access criteria. 

184. The system of claim 183 wherein the determining of the geographic location includes 
determining a delivery address to which a copy-protected device associated with the content 
requestor was delivered. 

185. The system of claim 184 including releasing the content for delivery to the content 
requestor if the delivery address complies with the geographic access criteria. 

186. The system of claim 183 wherein the determining of the geographic location includes 
determining a delivery address to which a user authentication device associated with the content 
requestor was delivered. 

187. The system of claim 186 wherein the content distributor releases the content for delivery 
to the content requestor if the delivery address complies with the geographic access criteria. 

188. The system of claim 183 wherein the determining of the geographic location includes 
mapping a source network address of the request for the delivery of the content to a request 
source location. 

189. The system of claim 188 wherein the content distributor releases the content for delivery 
if the request source location complies with the geographic access criteria. 

190. The system of claim 184 wherein the copy-protected device comprises a set-top box. 

191. The system of claim 184 wherein the copy-protected device comprises a PKI-enabled 
hardware device. 

192. The system of claim 186 wherein the user authentication device comprises an electronic 
token. 



193. The system of claim 186 wherein the user authentication device comprises a smart card. 
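An added Go example (not from the application) of the geographic authorization process of claims 172 to 193, combining the three location signals the claims name: the delivery address of the copy-protected device (claim 173), of the user authentication device (claim 175), and the source network address mapped to a request source location (claim 177). The prefix table, the region codes and the rule that every available signal must comply are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
)

// Region is a coarse territory code (constructed values such as "UK").
type Region string

// GeoAccessCriteria is the geographic access criteria of claim 172.
type GeoAccessCriteria struct {
	ContentID      string
	AllowedRegions map[Region]bool
}

// ContentRequest carries the location signals the claims enumerate. An empty
// region means that signal is not on record for this requestor.
type ContentRequest struct {
	Requestor                 string
	ContentID                 string
	CopyProtectedDeviceRegion Region // delivery address of the copy-protected device (claim 173)
	AuthDeviceRegion          Region // delivery address of the user authentication device (claim 175)
	SourceIP                  string // source network address of the request (claim 177)
}

// prefixRegion is a constructed prefix-to-region table standing in for a real
// geolocation database; it uses documentation address blocks only.
var prefixRegion = []struct {
	cidr   string
	region Region
}{
	{"203.0.113.0/24", "UK"},
	{"192.0.2.0/24", "IE"},
	{"198.51.100.0/24", "US"},
}

// regionForIP maps a source address to a request source location. The second
// result is false when the address is malformed or not covered by the table.
func regionForIP(addr string) (Region, bool) {
	ip := net.ParseIP(addr)
	if ip == nil {
		return "", false
	}
	for _, p := range prefixRegion {
		_, block, err := net.ParseCIDR(p.cidr)
		if err == nil && block.Contains(ip) {
			return p.region, true
		}
	}
	return "", false
}

type signal struct {
	name   string
	region Region
}

// Authorize decides whether the content is released. Policy assumed here:
// the request must name the content the criteria cover, at least one location
// signal must be available, and every available signal must lie in an allowed
// region; a device shipped outside the territory is not rescued by an
// in-territory source address.
func Authorize(req ContentRequest, crit GeoAccessCriteria) (bool, string) {
	if req.ContentID != crit.ContentID {
		return false, "criteria do not cover the requested content"
	}
	var signals []signal
	if req.CopyProtectedDeviceRegion != "" {
		signals = append(signals, signal{"copy-protected device delivery address", req.CopyProtectedDeviceRegion})
	}
	if req.AuthDeviceRegion != "" {
		signals = append(signals, signal{"user authentication device delivery address", req.AuthDeviceRegion})
	}
	if r, ok := regionForIP(req.SourceIP); ok {
		signals = append(signals, signal{"request source location", r})
	}
	if len(signals) == 0 {
		return false, "no usable geographic signal"
	}
	for _, s := range signals {
		if !crit.AllowedRegions[s.region] {
			return false, fmt.Sprintf("%s is %s, outside the licensed territory", s.name, s.region)
		}
	}
	return true, "all geographic signals comply"
}

func main() {
	crit := GeoAccessCriteria{ContentID: "match-7", AllowedRegions: map[Region]bool{"UK": true, "IE": true}}
	reqs := []ContentRequest{
		{"alice", "match-7", "UK", "UK", "203.0.113.10"},
		{"bob", "match-7", "US", "", "203.0.113.10"}, // box shipped to the US, in-territory address
		{"carol", "match-7", "", "", "10.0.0.1"},     // nothing on record, private address
	}
	for _, r := range reqs {
		ok, why := Authorize(r, crit)
		fmt.Printf("%-6s release=%-5v %s\n", r.Requestor, ok, why)
	}
}
```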
194. A method to dynamically present a payment gateway to a content requestor, the method 
including: 

responsive to a request received at a content distributor for access to a content 
item provided by a content provider, determining whether the content distributor 
records a first payment gateway of a first plurality of payment gateways as being 
a preferred payment gateway; 

if the content distributor has recorded the first payment gateway of the first 
plurality of payment gateways as a first preferred payment gateway, then 
presenting the first payment gateway to a content requestor as an actual preferred 
payment gateway; 

if the content distributor has not recorded the first payment gateway of the first 
plurality of payment gateways as the first preferred payment gateway, then 
presenting a second preferred payment gateway of a second plurality of payment 
gateways recorded by the content provider of the content item as the actual 
preferred payment gateway to the content requestor. 

195. The method of claim 194 wherein the actual preferred payment gateway is presented to 
the content requestor as a default payment gateway. 

196. The method of claim 194 wherein the first plurality of payment gateways are presented to 
the content requestor in an order reflecting relationships established between the content 
distributor and the first plurality of payment gateways. 

197. The method of claim 194 including communicating the first plurality of payment 
gateways, with which the content provider has established relationships, from the content 
provider to the content distributor, and presenting both the first and second pluralities of payment 
gateways to the content requestor for selection. 

198. The method of claim 194 including communicating the first plurality of payment 
gateways from the content provider to the content distributor, and wherein the content distributor 
is only authorized to present payment gateways included within the second plurality of payment 
gateways to the content requestor for selection. 
199. The method of claim 198 wherein the content distributor re-orders the second plurality of 
payment gateways according to a relationship established between the content distributor and at 
least one of the second plurality of payment gateways. 



WO 01/98903 PCT/US01/19271 

[Sheet 1/28, FIG. 1: drawing only; no text recovered from the scan.] 

[Sheet 2/28, FIG. 2: block diagram; legible labels: CONTENT PROVIDER SERVER; CONDITIONAL ACCESS (CA) SERVER 36; remaining labels not recovered.] 

[Sheet 3/28, FIG. 3: block diagram; labels not recovered from the scan.] 
[Sheet 4/28, FIG. 4: block diagram; labels: SUBSCRIBE SERVER 72; SUBSCR. FORMS; SUBSCRIPTION FORM SERVER; CASH MANAGER; ACCESS CRITERIA; TRANSACTION SERVER 74.] 
[Sheet 5/28, FIG. 5: block diagram; labels: CA SERVER; SECURE DEVICE SERVER; WEB SERVER 92; SNMP AGENT 28; BROWSER 90; CA AGENT TRANSACTION MGR; MEDIA SERVER 40; SECURE AGENT; CA AGENT SOCKET PROXY; CA AGENT SERVER; CA CLIENT 48; MEDIA PLAYER 69.] 
[Sheet 6/28, FIG. 6A (flowchart, steps 122 to 130): content consumer (e.g., via user secure device executing CA client) issues request to content distributor (e.g., CA agent) to deliver content; content distributor verifies user device and copy-protected device certificates; content distributor retrieves access criteria and product key (encrypted with content distributor public key) from content provider, the signature of the content provider cryptographically combining access criteria and product key; content distributor verifies signature of access criteria and product key using content provider certificate signed by trusted third party; content distributor decrypts product key utilizing private key of content distributor.] 
[Sheet 7/28, FIG. 6B (flowchart, continued, steps 132 to 140): content distributor requests and retrieves secure content consumer device information (e.g., purse value, date of birth, geographic location) that is signed by commerce service provider (payment gateway); content distributor retrieves subscription information signed by content provider from content provider; content distributor constructs order request, signs order request and transmits order request to content consumer for acceptance; content consumer verifies content distributor signature, user prompted for PIN to confirm order, PIN used to sign order, and order confirmation (signed) transmitted to content distributor; content distributor verifies collected data in physically secure environment, creates secure session with content consumer and a unique consumer key, encrypts consumer key with public key of secure consumer device (copy-protected device) and communicates consumer key to content consumer; END.] 
[Sheet 8/28, FIG. 7 (flowchart, steps 152 to 160): content provider encrypts content with product key and encrypts product key with public key of content distributor, and transmits encrypted content and encrypted product key to content distributor; content distributor within secure, tamper-proof environment decrypts product key, decrypts content using product key, watermarks content (personal watermarking) and re-encrypts content with unique consumer key (personal re-encryption); content distributor encrypts product key with unique consumer key and unique consumer key with public key of consumer; content distributor transmits encrypted content, encrypted product key and encrypted unique consumer key to content consumer; content consumer decrypts unique consumer key using consumer private key, decrypts product key using unique consumer key and decrypts watermarked content using product key; END.] 
[Sheet 9/28, FIG. 8A: content provider 24; clear content; sequence of keys (Sk) 98; encrypted content 26 keyed as Sk1, Sk2, Sk3, ..., Sk(N-1), SkN. FIG. 8B: labels: CONTENT DISTRIBUTOR 20; SpAK 106; 104; Uk 110; (SECURE AUTHORIZATION CHANNEL) 16; CONTENT PROVIDER 22; CONTENT DESTINATION; (DIFFERENTIAL KEYS) 108; ENCRYPTED CONTENT 26; 40.] 
[Sheet 10/28, FIG. 9 (flowchart, steps 204 to 210): generate sequence of random, time-varying session keys; encrypt content with time-varying sequence of session keys; encrypt each session key with product key associated with the content; transmit (1) encrypted content and (2) encrypted sequence of session keys to conditional access agent; store (cache) encrypted content at local content (media) server with associated agent; END.] 
[Sheet 11/28, FIG. 10A (flowchart, steps 220 to 240): receive (at agent) request from client including (1) user device certificate, (2) copy-protected device certificate (optional), and (3) client challenge (optional), and verify; agent transmits request for (1) product key and (2) rules (e.g., access criteria) to content provider (e.g., CA server); server verifies regional constraints associated with content; server encrypts product key with public key of agent; server attaches signature to rules and to encrypted product key; agent verifies signature using server certificate; agent requests and receives from the commerce service provider secure device information (e.g., purse value, date of birth, region etc.); agent requests and receives subscription information, signed by server, from server; agent constructs order using information, signs order and communicates order to client for acceptance; client verifies agent signature and confirms order request, and client signs and returns the order to the agent.] 
[Sheet 12/28, FIG. 10B (flowchart, continued, steps 242 to 254): agent verifies collected data within physically secure environment; agent creates a secure session and a unique user key; agent encrypts user key with (1) public key of copy-protected device or (2) public key of user secure device; agent processes encrypted session keys associated with requested content: session-key-encrypted product key decrypted and re-encrypted with unique user key; agent transmits user-key-encrypted session keys to client; client decrypts session keys using unique user key; client decrypts content using session keys; END.] 
[Sheet 13/28, FIG. 11: block diagram; labels not recovered from the scan.] 
[Sheet 14/28, FIG. 12 (flowchart, steps 280 to 288): product key (and optional rules) communicated to server secure device and stored at ASP conditional access server (encrypted with storage key); secret agent key communicated to server secure device and stored at ASP server (encrypted with storage key); content communicated to requesting agent from content provider; product key (encrypted with secret agent key) communicated to requesting agent from ASP server; agent decrypts and watermarks content (and optionally re-encrypts content with user key); agent distributes content to client (user); END.] 
[Sheet 15/28, FIG. 13 (flowchart, steps 302 to 314). At content provider: create product key at content provider using provider secure device; encrypt product key using public key of ASP server secure device; combine encrypted product key and rule information (access criteria), and sign combination using content provider private key; attach content provider certificate and send combined product key and rule information to ASP conditional access (CA) server. At ASP conditional access server: ASP CA server verifies content provider certificate and signature, and submits encrypted product key to server secure device; encrypted product key decrypted inside server secure device; re-encrypt product key with symmetric storage key, store product key in server database, and logically link content provider with product key; END.] 
[Sheet 16/28, FIG. 14 (flowchart, steps 320 to 332). At agent: agent receives public key of server secure device; agent encrypts agent secret key using public key of server secure device; agent signs encrypted agent secret key (using agent secure device) and transmits to ASP server with agent certificate. At ASP conditional access server: ASP server verifies agent certificate and signature; ASP server submits encrypted agent secret key to server secure device; server secure device decrypts agent secret key and re-encrypts agent secret key using symmetric storage key and logically links agent secret key (encrypted) with agent.] 
[Sheet 17/28 (figure caption not recovered; flowchart, steps 340 to 354): agent requests product key from ASP conditional access server (e.g., to decrypt content or to generate license); ASP conditional access server transmits (1) encrypted product key and (2) encrypted agent secret key to server secure device; server secure device decrypts both product and agent secret keys; server secure device encrypts product key with agent secret key; server secure device returns encrypted product key to ASP server; ASP server transmits encrypted product key to requesting agent; requesting agent decrypts product key, re-encrypts product key with secure device key of client, and communicates encrypted product key to client (end-user).] 
[Sheet 18/28 (figure caption not recovered): block diagram; only fragments such as DEVICE CERTIFICATE are legible.] 
[Sheet 19/28, FIG. 17 (flowchart, steps 420 to 436): client receives user device signature and certificate and transmits to agent; client receives copy-protected device signature and certificate and transmits to agent; agent verifies secure user device signature and certificate; agent verifies user credentials against rules (access criteria); agent verifies copy-protected device certificate; agent encrypts product key with public key of copy-protected device; agent transmits encrypted product key to client; client decrypts product key within copy-protected device using private key and decrypts content using decrypted product key.] 
[Sheet 20/28, FIG. 18 (flowchart, steps 450 to 462): user selects encrypted content; player (copy-protected device) loads associated content license to decrypt content; player detects product key encrypted with public key of user; player appends random challenge to encrypted product key; player requests user device to decrypt encrypted product key and challenge with user device private key; player re-encrypts returned result with user device public key to verify challenge; player decrypts encrypted product key with copy-protected device private key; player uses product key to decrypt content.] 
[Sheet 21/28, FIG. 19 (content license 470):] 
Machine identification 
Content identification 
Product key (2 x encrypted) 
License usage restrictions: 
• Begin date 
• End date 
• Number of plays 
User(s) certificate info: 
• Public key 
• Serial & Issuer 
Signature by License Issuer 
Certificate of License Issuer 
[Sheet 22/28, FIG. 20 (flowchart, steps 480 to 494): generate content license at content provider; sign the content license utilizing a symmetric key at content provider; encrypt content with symmetric key at content provider; transmit content and content license to recipient; transmit symmetric key to recipient; recipient verifies content license utilizing symmetric key; recipient decrypts content utilizing symmetric key.] 
[Sheet 23/28, FIG. 21 (content license 496):] 
Machine identification 
Content identification 
Product key (encrypted) 
License usage restrictions: 
• Begin date 
• End date 
• Number of plays 
User(s) certificate info: 
• Public key 
• Serial & Issuer 
Signature using product key (symmetric key) 
[Sheet 24/28, FIG. 22: drawing only; no text recovered. FIG. 23 (498): labels: SYMMETRIC KEY; VERIFICATION FUNCTION; DIGITAL SIGNATURE; VERIFICATION RESULT.] 
[Sheet 25/28, FIG. 24 (flowchart, steps 550 to 558): receive request from user for delivery of content (at content provider or distribution agent); determine delivery address of copy-protected device and/or user authentication device for user; determine source IP address of request received from content requestor, and map IP address to request source location; determine geographic access criteria associated with content requested by content requestor; release content for delivery to content requestor.] 
[Sheet 26/28, FIG. 25 (flowchart, steps 600 to 612): at content provider, (1) rank a number of payment gateways according to relationships established between the content provider and the payment gateways, and (2) identify a preferred payment gateway; at each of the number of content distributors, (1) rank a number of payment gateways according to relationships established between the content distributor and the payment gateways, and (2) identify a preferred payment gateway; responsive to a content request, a content distributor (N) determines if a ranked list/preferred payment gateway exists; if so, present preferred payment gateway of content distributor as preferred payment gateway (610); otherwise present preferred payment gateway of content provider as preferred payment gateway (612).] 
[Sheet 27/28, FIG. 26 (screens 620): "EXCITE @ HOME - MEDIA: CONTENT SELECTION" with "SELECT CONTENT TO VIEW": [ ] SOCCER GAME, [ ] BASKETBALL GAME, [ ] MOVIE; then "EXCITE @ HOME - MEDIA: PAYMENT SELECTION" with "SELECT A WALLET FROM WHICH TO PAY": (*) EXCITE@HOME WALLET, ( ) YAHOO WALLET, ( ) BT WALLET, ( ) NBA WALLET.] 


FIG. 27 (computer system 700): processor 702 and main memory 704, each holding instructions 724; static memory 706; network interface device 720; bus 708; video display 710; alpha-numeric input device 712; cursor control device 714; drive unit 716 containing machine-readable medium 722 carrying instructions 724; signal generation device 718. 

FIG. 27 



INTERNATIONAL SEARCH REPORT 

International application No. 
PCT/US01/19271 

A. CLASSIFICATION OF SUBJECT MATTER 
IPC(7) : Please See Extra Sheet. 
US CL : Please See Extra Sheet. 
According to International Patent Classification (IPC) or to both national classification and IPC 

B. FIELDS SEARCHED 

Minimum documentation searched (classification system followed by classification symbols) 
U.S. : 713/168, 169, 170, 171, 176, 179, 189, 193, 200, 201; 705/50, 51, SS, 59; 709/217, 218, 219, 2S6, 229 

Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 

Electronic data base consulted during the international search (name of data base and, where practicable, search terms used) 
Please See Extra Sheet. 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 

Category* | Citation of document, with indication, where appropriate, of the relevant passages | Relevant to claim No. 
X | US 6,002,772 A (SAITO) 14 DECEMBER 1999, SEE ENTIRE DOCUMENT | 1-11, 13-16, 18-39, 41-44, 46-171 
Y | (same document) | 12, 17, 40, 45 
Y | US 5,999,629 A (HEER ET AL) 07 DECEMBER 1999, COL. 9, LINES 32-34 | 12, 40 
Y | US 5,905,800 A (MOSKOWITZ ET AL) 18 MAY 1999, COL. 9, LINES 32-35 | 17, 45 

[ ] Further documents are listed in the continuation of Box C. [ ] See patent family annex. 



* Special categories of cited documents: 

"A" document defining the general state of the art which is not considered to be of particular relevance 

"E" earlier document published on or after the international filing date 

"L" document which may throw doubts on priority claim(s) or which is cited to establish the publication date of another citation or other special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or other means 

"P" document published prior to the international filing date but later 

"T" later document published after the international filing date or priority date and not in conflict with the application but cited to understand the principle or theory underlying the invention 

"X" document of particular relevance; the claimed invention cannot be considered novel or cannot be considered to involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention cannot be considered to involve an inventive step when the document is combined with one or more other such documents, such combination being obvious to a person skilled in the art 

"&" document member of the same patent family 



Date of the actual completion of the international search 
23 SEPTEMBER 2001 

Date of mailing of the international search report 
16 NOV 2001 

Name and mailing address of the ISA/US 
Commissioner of Patents and Trademarks 
Box PCT 
Washington, D.C. 20231 
Facsimile No. (703) 305-3230 

Authorized officer 
GAIL HAYES 

Telephone No. (703) 305-9618 

Form PCT/ISA/210 (second sheet) (July 1998)* 



INTERNATIONAL SEARCH REPORT 

International application No. 
PCT/US01/19271 

Box I Observations where certain claims were found unsearchable (Continuation of item 1 of first sheet) 

This international report has not been established in respect of certain claims under Article 17(2)(a) for the following reasons: 

1. [ ] Claims Nos.: 
because they relate to subject matter not required to be searched by this Authority, namely: 

2. [ ] Claims Nos.: 
because they relate to parts of the international application that do not comply with the prescribed requirements to such an extent that no meaningful international search can be carried out, specifically: 

3. [ ] Claims Nos.: 
because they are dependent claims and are not drafted in accordance with the second and third sentences of Rule 6.4(a). 

Box II Observations where unity of invention is lacking (Continuation of item 2 of first sheet) 

This International Searching Authority found multiple inventions in this international application, as follows: 
Please See Extra Sheet. 

1. [ ] As all required additional search fees were timely paid by the applicant, this international search report covers all searchable claims. 

2. [ ] As all searchable claims could be searched without effort justifying an additional fee, this Authority did not invite payment of any additional fee. 

3. [ ] As only some of the required additional search fees were timely paid by the applicant, this international search report covers only those claims for which fees were paid, specifically claims Nos.: 

4. [x] No required additional search fees were timely paid by the applicant. Consequently, this international search report is restricted to the invention first mentioned in the claims; it is covered by claims Nos.: 
1-171 

Remark on Protest 

[ ] The additional search fees were accompanied by the applicant's protest. 
[ ] No protest accompanied the payment of additional search fees. 
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